A nice post from Microsoft ForeFront Server Security team explaining the usage of FSSMC in a cluster environment.
A Forefront Security for Exchange Server (FSE) user asked us a question recently about using the Forefront Server Security Management Console (FSSMC) to manage clustered Exchange servers. He was confused by our guidance that says the FSSMC can be used to manage clustered servers, but it cannot be installed on a clustered server.
So, I wanted to provide some clarification about using the FSSMC with clustered Exchange servers. Here are the important points:
1. FSSMC can be used to manage clustered servers.
2. The FSSMC deployment agent should be installed on all physical nodes of the cluster so that on failover it will be there to service FSSMC requests. FSSMC is aware of which nodes are active and which are passive and only the active node(s) will service requests (i.e. signature updates, configuration updates, etc.), but all nodes have jobs configured for them. If the node is passive, the configured job does not run.
3. The FSSMC manages the physical nodes of a cluster and not the virtual nodes.
4. The FSSMC cannot be INSTALLED on a clustered server. In other words, the management console cannot be installed on and run from a clustered server. Administrators need to install the FSSMC on a computer in their network that is not part of a cluster.