McAee SaaS Email Protection-Quickstart PDF

Partner Quick Start for Email Protection
Last Update: June 2010 Updated: November 2010
Proprietary and Confidential
RESTRICTION ON USE, PUBLICATION, OR DISCLOSURE OF PROPRIETARY INFORMATION. Copyright 2010 McAfee
This document contains information that is proprietary and confidential to McAfee. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording, or oth- Web site: www.mxlogic.com erwise) without prior written permission from McAfee. All copies of this document Documentation Feedback: are the sole property of McAfee and must be documentation@mxlogic.com returned promptly upon request.
McAfee, Inc. 9781 South Meridian Blvd., Suite 400 Englewood, CO 80112 USA Direct +1 720-895-5700 Toll Free +1 877-695-6442 Fax +1 720-895-5757
November 2010
Proprietary: Not for use or disclosure outside McAfee without written permission
ii
Contents
1 Administering Customers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Quick Start Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1 Who Should Use This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 Administrative Levels of Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 Recommended Browsers for Control Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 Administrative Windows Accessible by Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 Partner Permissions for Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 Partner Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 Parent Partner Administration of Downstream Partners . . . . . . . . . . . . . . . . . . . . . . . . . . . .14 Parent Partner Administration of Customers of Downstream Partners . . . . . . . . . . . . . . . . .14 Ensure the Customer Can Receive Email from the Service Provider . . . . . . . . . . . . . . . . . .15 Sign into the Control Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15 Reset Your Password from the Sign in Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Review the List of Customers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 Download a List of Customers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 Create a customer and activate package solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 Bundles and Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 Rules for Selecting Bundles and Packages .....................................................................21 Steps to Create a Customer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22 Create a Primary Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 Create a Domain Alias, If Necessary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28 Set up the Customers Inbound Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 Delete an Inbound Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30 Add IP Address of Outbound Server, If Necessary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30 Delete an Outbound Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32 Have the Customer Set up a Smart Host (If Outbound Mail Protection is Turned on) . . . . .32 Have the Customer Redirect the MX Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32 Confirm the Policies for Customer Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33 Have the Customer Lock Down the Customer Environment . . . . . . . . . . . . . . . . . . . . . . . . .33 Rebrand your interface and that of your customers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33 Types of branding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34 Available Branding Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35 Levels of Branding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37 Configure Branding at the Partner Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38 Configure Branding for a Customer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40 Set up a protected user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
November 2010
iii
Administer Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 Administer Other Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 Customize Inbound Mail Filters (Optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45 Create Groups, If Necessary (Enterprise Customer Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45 Administer Disaster Recovery Services for the Customer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45 Administer MSP Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46 Create a Partner Distribution List (for MSP Connector only) . . . . . . . . . . . . . . . . . . . . . . . . .47 Configure the Partner MSP Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47 Add Customers for MSP Report Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48 Turn on Exception Notifications for the Partners MSP Connection . . . . . . . . . . . . . . . . . . .49 View an MSP Connector Audit Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50 Download an Audit Report ...............................................................................................54 Sample ConnectWise Configuration page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54 Configuring MSP Connector for Customers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55 Configure Message Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
2 Administering Downstream Partners. . . . . . . . . . . . . . . . . . . . . . . . . 57

Review the List of Partners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 Create a Partner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 Edit or Change a Partner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 Delete a Partner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 Branding, Distribution Lists, and MSP Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
3 Service Bundles and Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Managed Service Bundles Detail: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61 Email & Web Security Bundle inclusions..........................................................................61 Email Security & Archiving, both 1-yr. and multi-yr., inclusions .......................................62 Complete Security bundles, both 1-yr. and multi-yr., inclusions.......................................63 Inbound Email Protection Packages ................................................................................65 Outbound Email Protection Packages..............................................................................67 Email Archiving packages ................................................................................................67 Web Protection Package..................................................................................................68
November 2010
iv
Quick Start Checklist
1. Administering Customers Quick Start Checklist

The following checklist lists the tasks you would typically perform to support customers who use Email Protection. Each task is described in more detail later in the Quick Start Guide.
Task Sign into the Control Console Description You need the URL, sign-in, and password, which you might need to create yourself. To set your password, see Reset Your Password from the Sign in Page. Review your list of customers to see who is already administered or to access a customer for additional administration. On the Control Console, click Account Management > Customers > Create. See Partner Permissions for Administration on what you might or might be allowed to administer. On the Control Console, click Account Management > Domains. On the Control Console, click Account Management > Domains. Select a domain, then click Edit Aliases. Click Email Protection > Setup > Inbound Servers. You must enter an IP address (for example 100.2.45.107) or a CIDR address (for example 100.2.45.107/27) Click Email Protection > Setup > Outbound Servers. You must enter an IP address (for example 100.2.45.107) or a fully-qualified DNS address. You cannot use CIDR notation.
Review the List of Customers
Create a customer and activate package solutions
Create a Primary Domain Create a Domain Alias, If Necessary Set up the Customers Inbound Servers
Add IP Address of Outbound Server, If Necessary Have the Customer Set up a Smart Host (If Outbound Mail Protection is Turned on) Have the Customer Redirect the MX Records
To ensure that your outbound email is filtered, you must designate, for each of your outbound mail servers, an Email Protection server as your Smart Host. The Mail Exchange (MX) record for each of your mail servers is a specification within a Domain Name Server (DNS Server) operated by your Internet Service Provider (ISP). These records must be changed by your ISP to fully-qualified domain names (for example, denver.acme.com) within the Email Protection network. The exact changes necessary are provided by your Email Protection provider in the Service Activation Guide.
November 2010
Quick Start Checklist
Task Confirm the Policies for Customer Domains Have the Customer Lock Down the Customer Environment
Description Click Email Protection > Policies. Select the default inbound policy, then browse each tab for the policy.
Five to seven days after you have redirected your MX record, and after you have verified that email is being filtered and delivered appropriately, restrict all IP access to your mail server with the exception of the Email Protection subnets provided in your Service Activation Guide. To provide the look and feel of your company for your customers service, or to allow customers to change the look and feel for their own company, configure branding. Click Account Management > Partners > Branding or Account Management > Customers > Branding. See also Types of branding, Available Branding Attributes, and Levels of Branding. A protected user cannot be deleted via bulk or batch update processes. Thus, Customer Administrators are recommended candidates to be protected users. Create a user. Select the user, then click Edit. Define how users log in Disable user access to the Control Console Turn on explicit user creation Create remaining users Create user aliases
Rebrand your interface and that of your customers
Set up a protected user
Administer Users
For information on administering users, see Email Protection Quick Start. Customize Inbound Mail Filters (Optional) You or the customer can customize the default inbound policy for groups of users to fit the customers business needs. For more information on customizing policies, see the Email Protection Quick Start or, for details on all customizing options, see the Email Protection Administrator Guide. Create Groups, If Necessary (Enterprise Customer Only) Groups are used when there are users in the organization whose email should be filtered according to a policy other than the default policy. Creating and applying groups is a three step process: 1 Create a new group. 2 Assign individual User Accounts to the group. 3 Create a new policy with special email filtering rules and associate the group to the policy. For more information on creating groups, see the Account Management Administrator Guide.
November 2010
Who Should Use This Document
Task Administer Disaster Recovery Services for the Customer
Description Disaster Recovery Services consists of one of two services: Fail Safe Email Continuity Either of these services are optional and available at additional cost. If your customer has purchases Disaster Recovery, you ore the customer can administer Disaster Recovery. See Administer Disaster Recovery Services in the Email Protection Quick Start.
Administer MSP Connector
Managed Service Platform (MSP) Connector enables the delivery of email traffic and threat data directly to your ConnectWise network performance dashboards. To utilize the MSP Connector capabilities, you should: Create a Partner Distribution list for MSP Connector notifications Configure your ConnectWise information on the Configuration screen. Select the domains needed to push your data to ConnectWise. Enable Exception Notification if you wish to receive csv. files reporting data. In addition, if a customer also uses ConnectWise, you can configure that customer for MSP Connector.
Configure Message Audit
For more information, see Message Audit Quick Start Guide, which is posted on the Partner Portal under Support.

This document provides instructions for Partners and service provider administrators. This document assumes that the administrators are performing tasks on behalf of their customers.
Administrative Levels of Users

The levels of administrative users you can add are as follows:
Administrative level
Group Administrator
Description
The Group Administrator can add and remove members from one or more groups if assigned to those groups. A Group Administrator can also create,edit, and modify Email Protection policies for the assigned groups. A Group Administrator does not need to be a member of a group in order to have these capabilities. Note: A Group Administrator cannot add or remove a group.
November 2010
Administrative level
Reports Manager
Description
The Reports Manager can view, for an assigned domain, reports available with Email Protection. The Reports Manager can also manage his or her own user preferences and all other tasks a user can perform. The Quarantine Manager, for an assigned domain, can manage the same areas as a Report Manager, plus manage, for the assigned domain, all users Quarantine for spam and other problematic messages, only if Email Protection is enabled. The Domain Administrator, for an assigned domain, can manage the same areas as a Quarantine Manager, plus manage server setup and authentication rules for the domain. The Customer Administrator, for all domains and groups, can manage the same areas as a Domain Administrator or Group Administrator, plus manage all user accounts for that customer, Email Protection policies, create and delete domains and domain aliases, create and delete groups, and manage additional options, if enabled, such as Message Audit and Performance Reports. The Cusotmer Administrator is also the only administrator who can manage passwords. A Customer Administrator cannot edit domains.
Quarantine Manager
Domain Administrator
Customer Administrator
Partner Administrator
The Partner Administrator can manage all aspects of the partners account. In addition, if given customer management permission and permission to configure the core products of Email Protection, Web Protection, and Email Archiving, can manage all aspects of the customers accounts. Finally, the Partner Administrator can create and modify downstream Partners who have their own customers.
The following figure summarizes the levels of administrators, plus users, in an Email Protection configuration.
November 2010
Recommended Browsers for Control Console

The Control Console is a Web-based administration tool that provides multiple levels of security, accessibility, and configurations depending on several standard entities and roles. See the Account Management Admin istrator Guide for a list of recommended browsers for the Control Console.
Administrative Windows Accessible by Administrators

The following tables list the windows that administrators of each level can access. Account Management Window Access Privileges Email Protection Window Access Privileges
Table 1: Account Management Window Access Privileges

CustomerAdministrator DomainAdministrator PartnerAdministrator QuarantineManager GroupAdministrator
No No
WindowAccess
Partner/ Customer Feature Enablement Required
PartnerTab
Create Partner Edit Partner No Yes. Cannot enable Branding or applicatio ns (Email Protectio n, Web Protectio n, Email Archivin g Yes No No No
Distribution List
No
No
No
No
November 2010
CustomerAdministrator
DomainAdministrator
PartnerAdministrator
QuarantineManager
Branding
Yes. Branding type must be White Label, Co-branding, Rebrand, or Private No No No No
Yes
Yes
No
No
No
MSP Connector: Configuration MSP Connector: Customers MSP Connector: Notification MSP Connector: Audit Report
Yes Yes Yes Yes
No No No No
No No No No
No No No No
No No No No
CustomerTab
Create Customer Edit Customer Yes. Customer Administratio n must be enabled. Yes. Branding type must be White Label, Co-branding, Rebrand, or Private No Yes. MSP Connector must be enabled Yes No No No No
Branding
Yes
Yes
No
No
No
Distribution Lists MSP Connector: Configuration MSP Connector: Domains MSP Connector: Notification MSP Connector: Audit Report
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
No No No No No
No No No No No
No No No No No
November 2010
GroupAdministrator
WindowAccess
DomainAdministrator
QuarantineManager
Performance Reports
Yes. Performance Reports must be enabled
Yes
Yes
No
No
No
Domainstab
Domain Accounts List Create Domain Delete Domain Edit Domain Aliases Edit Domain Branding None Yes. Domain Administratio n must be enabled No Yes. Branding and Domain Administratio n must be enabled No. Yes Yes Yes Yes No No No No No No
Yes Yes
No Yes
No Yes
No No
No No
Aliases
Yes
Yes
Yes. Users must be given ability to set up aliases by admin istrato r. Yes
No
No
Preferences
No
Yes
Yes
No
No
UsersTab
User Accounts My Account No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
November 2010
GroupAdministrator
WindowAccess
DomainAdministrator
QuarantineManager
My Account: Aliases My Account: Change Group My Account: Preferences My Account: Quarantine My Account: Email Continuity
No No No No Yes. Email Continuity must be enabled No No No User must be a Group Administrator No No No No Yes. Email Continuity must be enabled No No
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes No Yes Yes Yes
Yes No Yes Yes Yes
Yes No Yes Yes Yes
My Account: Allow/Deny Lists My Account: Email Activity User Details User Details: Group Administration User Details: Aliases User Details: Change Group User Details: Preferences User Details: Quarantine User Details: Email Continuity
Yes Yes Yes Yes
Yes Yes Yes Yes
Yes Yes Yes No
Yes Yes Yes No
Yes Yes No Yes
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
No No No Yes Yes
No No No No Yes
No No No No No
User Details: Allow/Deny Lists User Details: Email Activity
Yes Yes
Yes Yes
Yes No
Yes No
No No
November 2010
GroupAdministrator
WindowAccess
DomainAdministrator
QuarantineManager
User Details: Web Activity Create Users Edit Users Delete Users User Synchronization User Synchronization Setup User Authentication
No No
Yes Yes
Yes Yes
No No
No No
No No
No No No
Yes Yes Yes
Yes Yes Yes
No No Yes
No No No
No No No
Groupstab
Groups : Groups list Groups: New Group Groups: Group Details Groups: Members Groups: Administrators Groups: Email Protection Policies No No No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No No No No No No No No No Yes No Yes Yes Yes Yes
Table 2: Email Protection Window Access Privileges

CustomerAdministrator DomainAdministrator PartnerAdministrator QuarantineManager GroupAdministrator
No
9
WindowAccess
Customer Feature Enablement Required
Overview
No
Yes
Yes
Yes
No
November 2010
GroupAdministrator
WindowAccess
DomainAdministrator
QuarantineManager
Policies tab Policy Sets Anti-virus: Action Anti-virus: Notifications Anti-SPAM: Classification Anti-SPAM: Content Groups Anti-SPAM: Reporting Content: Content Groups Content: Notifications Content: HTML Shield Content: Click Protect Attachments: File Types Attachments: File Name Policies Attachments: Additional Policies Attachments: Additional Notifications Enforced TLS: Actions Enforced TLS: Notifications Allow/Deny: Sender Allow Allow/Deny: Sender Deny Allow/Deny: Recipient Shield Notifications: Content Notifications: Attachment Group Subscriptions Disaster Recovery No No No No No No No No No No No No No No No No No No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No
November 2010
GroupAdministrator
10
WindowAccess
DomainAdministrator
QuarantineManager
Quarantine Tab Setup Tab Inbound Servers Setup Outbound Servers Setup
No
Yes
Yes
Yes
Yes
Yes
No Yes. Depending on your purchased package, this service might need to be enabled. Yes. Depending on your purchased package, this service might need to be enabled. Yes. Either FailSafe or Email Continuity must be enabled or included in your package. No No
Yes Yes
Yes Yes
Yes Yes
No No
No No
Outbound Disclaimer
Yes
Yes
Yes
No
No
Disaster Recovery Setup
Yes
Yes
Yes
No
No
MX Records Setup User Creation Settings Message Audit tab Message Search Perimeter Block Search Search History
Yes Yes
Yes Yes
Yes No
No No
No No
Message Audit must be enabled or included in your package
Yes Yes Yes
Yes Yes Yes
No No No
No No No
No No No
November 2010
GroupAdministrator
11
WindowAccess
DomainAdministrator
QuarantineManager
Reports tab Traffic Overview Threats Overview Threats: Viruses Threats: Spam Threats: Content Threats: Attachments ClickProtect: Overview ClickProtect: Click Log Quarantine: Release Overview Quarantine: Release Log User Activity Event Log Audit Trail Inbound Server Connections Disaster Recovery: Overview No No No No No No No No No No No No No No Yes. Either FailSafe or Email Continuity must be enabled. Yes. Either FailSafe or Email Continuity must be enabled. Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No No No No No No No No No No No No
Disaster Recovery: Event Log
Yes
Yes
Yes
Yes
No
November 2010
GroupAdministrator
12
WindowAccess
Partner Permissions for Administration

Before you can administer new customers, your partner contract must include the ability to provision customers within the Control Console and you might be required complete Partner Certification Training. Your service provider or your Parent Partner provisions your account and creates a Partner Administrator user account, which allows you to provision new customers within the Control Console. To perform most tasks described in this document, your partner account must have permissions for Customer Management. In addition, you must have permission to administer customers within each of the following product areas: Email Protection Email Archiving Web Protection
A partner without product administration permissions, but with customer management permissions, can still administer customers, domains, and users. However, such a partner cannot administer product capabilities for those entities. Instead, fields and links to windows that are restricted from a partner's administration will be grayed out. Note: You will have product administration permission for your own company, if your company uses Email Protection, Web Protection, or Email Archiving. Note: A customer can have permission for their own administration within product areas, even if the Partner managing that customer does not have permission.
Partner Hierarchy
A hierarchical relationship between two Partners can exist, with one Partner as a higher level Parent Partner and the other Partner considered a downstream partner to that parent. Normally, this hierarchy represents a business relationship between the two partners. A downstream Partner of one Partner can simultaneously be a Parent Partner of another Partner, if administered as such. In this case, the hierarchy becomes multi-tiered. For example, if Partner A is identified as Parent of Partner D, and Partner D is identified as Parent of Partner E, then Partner A is at the top of the hierarchy, Partner D is in the middle, and Partner E is at the bottom.
November 2010
13
Parent Partner Administration of Downstream Partners

The Partner Administrator of a Parent Partner can administer a downstream Partner. As a result, a Parent Partner Administrator can create, view, edit, and delete their downstream Partner accounts. A Parent Partner Administrator can access the following windows to administer their downstream Partners: Partner Accounts List Create Partner Edit Partner Partner Details Branding Distribution Lists MSP Connector - Configuration, Customers, Notification, and Audit Reports windows
Note: Though a Parent Partner Administrator can configure branding for a direct Partner, a Parent Partner Administrator cannot turn on the following options on the Create Partner or Edit Partner window: White label Private Branding
In addition, a Parent Partner cannot enable Customer Management nor enable the following capabilities: Email Protection Email Archiving Web Protection
Instead, your provider of these services must enable them. Note: In most cases, a downstream Partner can have permissions to manage its customers, even if the Parent of that Partner does not. However, if a Parent Partner is not allowed the following capabilities, downstream partners of that Parent Partner cannot be enabled for the capabilities either: Manage Intelligent Routing Use Message Audit Delegate Domain Management
Parent Partner Administration of Customers of Downstream Partners

If you have Customer Management permission and the appropriate permissions for product administration, and you have downstream Partners who, in turn, have their own customers, you have the ability to perform almost all of the tasks in this document for the customers of those downstream partners.
November 2010
14
To administer the customer of a downstream Partner, you can simply select the downstream Partner first from the Partner accounts list, then select the customer of that Partner. In addition, on most administration windows, the Customer drop-down menu at the top of the window lists all customers for whom you have administrative permissions, which can include your direct customers and those of your downstream partners. Note: As with any self-provisioning Partner, a Parent Partner cannot administer the passwords of a customer's users. A Parent Partner also cannot set the branding type of customers or customer domains. Your service provider must set the branding type for these entities. Note: If you are a Partner Administrator of a Parent Partner, but you are not enabled for Intelligent Routing, Message Audit, or delegating domain management to customers, you cannot enable downstream partners for these capabilities either.
Ensure the Customer Can Receive Email from the Service Provider
If the customer had or still has a different email security or filtering service and their network is administered so that the customer can receive email only from IP addresses associated with that security service, the customer must administer their network to allow incoming email from the Control Console servers. For example, a port in the customers company firewall may need to be enabled to receive email from the IP addresses of the Control Console servers. This enablement is necessary in order for you and the customers users to set the initial password for access to the Control Console.
Sign into the Control Console

To administer a customer, you must sign into the Control Console with the following steps: Note: The first time you sign in, you might need to create your password. If so, see Reset Your Password from the Sign in Page. 1 Open a browser on your computer and enter the URL for the Control Console. The URL should be identified in the Service Activation Guide you received from your provisioner. If you dont have the URL, contact your sales representative or Customer Support.
November 2010
15
2 3
At the Control Console Sign in page, enter your email address and password. Click Sign in. If you have not previously entered an answer to a security question, the Security Question window pops up.
The answer to the security question is used to validate you, the user, if you forget your password. You can later change your security question and/or security answer on the Preferences page of your user account. See Set User Display Preferences, Including Your Own in Account Management Administrator Guide. 4 Select a security question and type the answer. Your answer is not case-sensitive. Note: If you also use the Email Protection, you can also sign into the Control Console from a Spam Quarantine Report.
Reset Your Password from the Sign in Page

Note: This capability may not be available if the user authentication method is set to LDAP, POP3, or IMAP or if the ability to change passwords has been disabled at the system level. If you forget your password or want to reset it, perform the following steps:
November 2010
16
On the Sign in page, click the Forgot your password or need to create a password? link. The following window is displayed.
2 3 4
In the Username field, type your email address. Select Email password information to me. Click Next. You will receive an email momentarily with further instructions. Continue with Step 5.
Open the email message. The email subject line says Control Console Login Information. The email is similar to the following:
November 2010
17
Click the link in the email. The link is active for only a limited time after the email is sent (typically, 60 minutes).
If you previously had selected a security question, the security question is displayed. If you had not previously selected a security question, you will receive an error and must contact your administrator. Type the answer to the question in the Security Answer field. For the Security Question field, click Change if you need to change the security question or answer. You must answer this question when you forget your password or need to reset it. The Security Question and Security Answer fields are displayed. Select a question from the Security Question drop-down menu, then type an answer.
8 9
November 2010
18
10 In the Password field, type a password. The password must comply with the following rules: Length must be a minimum of 8 characters. Alpha, numeric, and special character types are allowed. There must be at least one character that differs in character type (alpha, numeric, or special) from the majority of characters. Thus, if the password contains mostly alpha characters, then at least one character must be either a special character or numeric. For example, majordude is invalid, but majordude9 is valid. Allowed special characters are: left parenthesis ( ( ) right parenthesis ( ) ) apostrophe ( `) tilde ( ~ ) exclamation ( ! ) @ hash ( # ) dollar sign ( $ ) percentage sign ( % ) caret ( ^ ) ampersand ( & ) asterisk ( * ) hyphen ( - ) plus sign ( + ) equals sign ( = ) bar ( | ) backslash ( \ ) left curly bracket ( { ) right curly bracket ( }) left bracket ( [ ) right bracket ( ] ) colon ( : ) semicolon ( ; ) double quotes ( " ) single quotes ( ' ) less than sign ( < ) greater than sign ( > ) period ( . ) question mark ( ? )
Spaces are not allowed. Passwords are case-sensitive (for example, Password, password, and PASSword would be different passwords). Make sure you can remember your password, but do not use obvious passwords (for example, password, your name, or a family members name). Keep your password safe and private.
11 Retype your password in the Confirm Password field. 12 Click Save.

To review the current list of customers, perform the following steps: 1 Click Account Management > Customers. The Customer Accounts list is displayed.
November 2010
19
Create a customer and activate package
The list displays the following information: Customer Name The customers name. Partner Name The name of the customers partner is displayed. Date Created The date that this customer was added to the Control Console. Domains The number of primary domains administered for this customer.
Download a List of Customers

To download the list of customers from the Customer Accounts list, click Download. The Control Console automatically generates a .csv file which you can save or open, normally using Microsoft Excel.
Create a customer and activate package solutions

Note: To perform this task, you must have permissions to manage customers and the specific applications.
Bundles and Packages

The customer provisioning steps are different, based on the selection of one of the following for Email Protection and similar selections for the Web Protection and Email Archiving: Standard Package A collection of features within one of the three product areas: Email Protection, Web Protection, or Email Archiving Service Bundle Package A combination of two or three products: Email Protection, Web Protection, and/or Email Archiving
November 2010
20
Perimeter Defense Package A basic email protections service that the customer cannot administer
For each product, you select a bundle or package from the drop-down menu.
These bundles and packages are described in Chapter 3. Service Bundles and Packages
Rules for Selecting Bundles and Packages

If you select a bundle for one product, you must select the same bundle for the other products that are included in that bundle. For example, if you select Bundle 01 Complete Security - Multi-Yr for the Email Protection product, you must select Bundle 01 - Complete Security - Multi-Yr for the Email Archiving and Web Protection products too, since all products are included in the bundle. If you select Bundle 03 - Email and Web Security for the Email Protection product, you must select Bundle 03 - Email and Web Security for the Web Protection product too. If you select a service bundle for Email Protection, you should change the quarantine period for the customer to 14 days. This is the quarantine period paid for within the bundle, but if the quarantine period administered is 7 days, the customer will not get the 14-day period they paid for. If you select an inbound Email Protection package with Email Continuity, but the customer does not want an outbound package, you must select Package 62 - Outbound Email Continuity to allow messages stored in Email Continuity to be filtered. If you select a service bundle for Email Protection, you must select a corresponding outbound package, either Outbound Email Continuity if the customer does not want outbound filtering, or Full Outbound Upgrade if they do want outbound filtering.
November 2010
21
The following table outlines which Outbound Packages are applicable based on the Inbound Package Selected.
Applicable Outbound Package Outbound Email Continuity Full Outbound Upgrade Specific Outbound Package
Any Service Bundle Ultimate Access / Email Protection and Continuity

Selected Inbound Package
Yes N/A
Yes N/A
N/A Yes
Ultimate Defense / Email Protection Critical Defense / Email Inbound Filtering Enterprise Defense with Email Continuity Any Enterprise Package without Email Continuity
N/A
N/A
Yes
N/A
N/A
N/A
Yes
N/A
Yes
N/A
N/A
Yes
Steps to Create a Customer

To create a customer, perform the following steps: 1 Click Account Management > Customers > Create.
November 2010
22
Note: Your company must be certified and have permission to enable your customers for the specific services listed on this window. If your company is not certified in, and therefore not able to, turn on certain services, the related fields on this window will not be available to you.
Field Partner Name Description Your company's name is displayed. If you have downstream Partners, this field is a drop-down menu of those Partners. Select the Partner whose customer you are creating.
November 2010
23
Field Customer Type
Description Select the type of customer, normally Enterprise. The other option, Service Provider, currently requires approval from McAfee. Enterprise - Designates that the Customer is able to use Groups to associate users with user groups, which then can be associated with policy sets. Service Provider - Contact McAfee to verify this assignment. Enter the company name of the customer. Enter the email address of the customers technical contact. Address and telephone contact information for the customer is required. Select the type of branding. The branding that a customer establishes for itself also determines the display of standard branding for that customer's domains. Co-brand - Displays the customer's branding attributes along with the service providers tagline. Private - (Available to select only by your service provider.) Displays the customer's branding attributes, including the customer's tagline, if defined. Private is the only branding type that can rename the Control Console. Private is also the only branding type that does not have the service provider brand in its URL. This type also allows a tagline to be defined for display for the domains that use Co-brand branding. Rebrand - Displays the customer's branding attributes. Rebrand does not use a tagline for the customer's account, but allows a tagline to be defined for display for the customer's domains who use Co-brand branding. Standard - Displays the customer's service provider branding attributes. This is the default branding type. White Label - (Available to select only by your service provider.) No branding attributes are displayed. However, this type allows a tagline to be defined for display for the domains that use Co-brand branding. Select this checkbox to allow the customer to add and delete domains. Select this checkbox to allow the customer to configure and manage their Managed Service Platform (MSP) Connector. Select this checkbox to allow the customer to manage Performance Reports. Select this checkbox to allow the customer administrator or domain administrator to search message details and histories collected by the Message Audit feature. Select an optional field and click Add to have the field appear on the Edit Customer and Customer Details pages.
Customer Name Contact Email Address and Telephone information Branding Type
Add and Delete Domains MSP Connector Performance Reports Message Audit
Optional Fields
November 2010
24
Field Email Protection Settings Inbound Package
Description
Select the package for inbound email security. If you select a service bundle, you must designate the same bundle for the other services that are included in that bundle. For example, if you select Bundle 02, which contains Email Protection and Email Archiving, then you must select Bundle 02 for Email Archiving. Select the package for outbound email security. An Inbound package must be selected before you can select an Outbound package. Enter the number of billed users of Email Protection. This number must match the number for Email Archiving and/or Web Protection, if those services are enabled as part of a bundle. From the drop-down menu, select the number of days that quarantined email stays in quarantine before it gets deleted. Select the Email Encryption checkbox to allow customers to use the Encrypt Message action when working with Outbound Policy Content Groups. Email Encryption may be used when the customer does not support encryption messages via other systems. Note: Email Encryption is only available for a selected Outbound package.
Outbound Package
Number of Billed Users
Quarantine Period Email Encryption
Number of Encryption Users Email Archiving Settings Email Archiving Package
Type the number of billed users selected to use the email encryption action. This number must be equal to or less than the number of messaging billed users.
From the drop-down list, select the Email Archiving package the customer ordered. If you select a service bundle, you must designate the same bundle for the other services that are included in that bundle. For example, if you select Bundle 02, which contains Email Protection and Email Archiving, then you must select Bundle 02 for Email Protection. Type the number of billed users of Email Archiving. This number must match the number for Email Protection and/or Web Protection, if those services are enabled as part of a bundle. In the drop-down lists, define the length of time in years, that Email Archiving will store messages retrieved directly from the Exchange Server journal mailbox. The length of time can be either 1, 3, 5 or 7 years. The months drop-down field is not available at this time. Type the maximum Gigabytes (GB) of storage the customer has available for messages that have been uploaded in bulk. The maximum is 250 GB. Storage amounts must be set in 25 GB increments.
Archive Retention Period
Historical Data Storage Limit
Web Protection Settings
November 2010
25
Create a Primary Domain
Field Web Protection Package
Description Select the package for web security. If you select a service bundle, you must designate the same bundle for the other services that are included in that bundle. For example, if you select Bundle 03, which contains Email Protection and Web Protection, then you must select Bundle 03 for Email Protection. Enter the number of billed users. This number must match the number for Email Protection and/or Email Archiving, if those services are enabled as part of a bundle.
Click Save.

A customer must always be configured for at least one primary domain. A primary domain is the domain used by users primary email address. A primary domain is normally the domain associated with an SMTP mail server. Note: If you have any downstream partners, you can also perform this task for the partners customers. Note: For Email Protection, a primary domain must be an actual domain within the customers network. To create a new domain, perform the following steps: 1 2 Click Account Management > Domains. If necessary, from the Customer drop-down menu, select the customer whose domain you are creating. If you have downstream Partners, their customers are also listed. The Domain Creation window is displayed.
November 2010
26
In the Domain field, type the fully-qualified domain name. This name should be registered within a DNS server and unique from outside of the company network. In this example, you type denver.acme.com. In the Contact Email field, type the email address of the customer administrator or the email address of the domain administrator, if there is one. In the Branding Type field, select the type of branding: Co-brand - Displays domain's branding attributes along with the service providers tagline. Private - (Available to select only by your service provider.) Displays the domain's branding attributes, including the domain's tagline, if defined. Private is the only branding type that can rename the Control Console. Private is also the only branding type that does not have the service provider brand in its URL. Rebrand - Displays the domain's branding attributes. Rebrand does not use a tagline for the domain's account. Standard - Displays the service providers or customer's branding attributes. This is the default branding type. White Label - (Available to select only by your service provider.) No branding attributes are displayed.
4 5
6 7 8
Select the Message Audit checkbox to allow the customer administrator to search message details and histories using Message Audit. For the User Alias Management section, click the Allow customer to manage user aliases checkbox.to allow Customer Administrators to create alias email addresses. In the Set limit to x aliases per user field, type the maximum number of allowed alias email addresses per user account in this domain.
November 2010
27
Select the Allow customer to manage domain aliases checkbox to allow customer administrators and domain administrators to create alias email addresses for users.
10 Click Save.
Create a Domain Alias, If Necessary

Your customer also may use domain aliases. For example, acme.org and acme.net might be domain aliases for your companys acme.com domain so that email mistakenly sent to addresses using acme.org or acme.net actually are sent to acme.com. You must add these domain aliases in the Control Console to ensure email to these domains are filtered and delivered. 1 2 3 Click Account Management > Domains. From the Customer drop-down menu, select the customer whose domains you are creating. If you have downstream Partners, their customers are also listed. On the Domain Management page, click the domain for which you want to add aliases. In our example, you would click acme.com. The Domain Details page is displayed.
Click Edit Aliases. The Domain Aliases page is displayed.
November 2010
28
Set up the Customers Inbound Servers
Complete the Add field, and click Add. For more information, click Help.
Set up the Customers Inbound Servers

You must configure the customers inbound servers to receive inbound email from Email Protection for the designated domain. All servers for a domain that receive inbound email from Email Protection must be configured on the Inbound Servers Setup window. Any server addresses designated here must be valid and available to connection from Email Protection. After the Save Changes button is clicked, the Email Protection immediately routes email to the active servers. 1 2 Click Email Protection > Setup. If necessary, click Inbound Servers. The Inbound Servers Setup window is displayed.
If necessary, from the Customer drop-down menu, select the customer whose server you are setting up. If you have downstream Partners, their customers are also listed.
November 2010
29
Add IP Address of Outbound Server, If
4 5 6
From the Domain drop-down menu, select the domain whose SMTP server you want to add. Click Add New Host. A new set of fields appears for the server. In the SMTP Host Address field, type the fully qualified DNS or IP address of the server host being configured. CIDR notation is not allowed. If you do not have a registered and valid DNS name for the email servers, you must enter the IP addresses of each server.
7 8
In the Port field, type the port on the server to which Email Protection will connect. The default value is 25. In the Preference field, type the number indicating order of connection preference between multiple servers. Email Protection attempts to connect first to the server with the lowest preference number. If that server is not available (either down or too busy), Email Protection tries the server with the next lowest preference number, and so on. If multiple servers have the same preference number, Email Protection will randomly route the email delivery between them. Click the Active checkbox to allow the server is immediately start accepting email traffic. Caution: If all servers are set to inactive, all emails received for this Domain will be tempfailed.
10 Click Save.
Delete an Inbound Server

To delete an inbound server, perform the following steps: 1 2 3 Access the appropriate domain on the Inbound Server Setup window. Click the Delete checkbox next to the server you want to delete. Click Save.
Add IP Address of Outbound Server, If Necessary

If the customers service includes Outbound Message filtering, you must identify one or more outbound mail servers through which the customers users send outgoing mail. While the outbound server might use a Domain Name Server (DNS) name within the customers network (for example, lewisoutbound.acme.com), you identify the outbound sever within Email Protection with an IP address (for example, 111.222.111.0).
November 2010
30
Alternatively, you can specify a Classless Inter-domain Routing (CIDR) address for a range of outbound servers (for example, 111.222.111.0/27) only. The address must be a public address. Any server addresses designated here must be valid and available for a connection. After the Save Changes button is clicked, Email Protection immediately accepts email traffic from the active servers. Note: If email is received from an outbound server that is not configured in the Email Protection system, it will be refused. If no outbound package has been designated for the selected domain, this window is unavailable. 1 Click Email Protection > Setup> Outbound Servers. The Outbound Server Setup page is displayed.
2 3 4 5 6
If necessary, from the Customer drop-down menu, select the customer whose server you are setting up. If you have client Partners, their customers are also listed. From the Domain drop-down menu, select the domain whose SMTP server you want to add. Click Add New Address, and add the address of the outbound server. Click Save. Record the address listed under Recommended Smart Host Server Settings. You should use this address to perform the next task, Have the Customer Set up a Smart Host (If Outbound Mail Protection is Turned on). Important: The customer should also do the following before or immediately after adding the outbound server(s): Update Sender Policy Framework (SPF) records on the customers mail server(s) to ensure only authorized sources are sending outbound email. Scan the network for open relays, viruses and malware.
November 2010
31
Refer to the Accepted Use Policy (AUP) at http://www.mxlogic.com/terms/aup/ index.cfm for information on bulk mail.
Delete an Outbound Server

To delete an outbound server, perform the following steps: 1 2 3 Access the appropriate domain on the Outbound Server Setup window. Click the Delete checkbox next to the server you want to delete. Click Save.
Have the Customer Set up a Smart Host (If Outbound Mail Protection is Turned on)
To ensure that the customers outbound email is filtered, the customer must designate, for each outbound mail server, an Email Protection server as the Smart Host. The customers outbound email is then relayed through Email Protection before continuing to its final destinations. See the customers Service Activation Guide for more details. Note: This task is performed on the customers outbound email server or servers, on the customers network router, or on some other server, depending on your customers network configuration.
Have the Customer Redirect the MX Records

The Mail Exchange (MX) record for each of the customers mail servers is a specification within a Domain Name Server (DNS Server) operated by the customers Internet Service Provider (ISP). Each MX record specifies a host name and preference that determines where and how the customers ISP routes company email. The customers MX record or records at the ISP must be changed to fully-qualified domain names (for example, denver.acme.com) within the Email Protection network. These changes allow Email Protection to filter customer email before it arrives at the customers mail servers. The customers Network Administrator or Domain Registrar is typically the individual responsible for making these changes. The information necessary for the customer to make these changes is provided in the customers Email Protection Activation Guide, which the customer receives when the customer is first signed up for service.
November 2010
32
Rebrand your interface and that of your
Confirm the Policies for Customer Domains

Email Protection has default inbound and outbound policies which are automatically assigned to each of the customers domains after each domain is defined. For many companies, the default policy filters email effectively and doesnt require changes. However, it is strongly recommended that your customer review the default policy to make sure the policy meets the customers needs. Information regarding review of the default policy is included in the following sections of the Email Protection Quick Start Guide. Confirm the Policies for Your Domains Check Message Quarantine Review Reports to Check Policies
If the policy does not meet customer needs, you or the customer, if enabled, can customize the policy. The way in which you customize policies varies, depending on whether the customer is a service provider customer or an enterprise customer. For information on customizing policies, see Customize Inbound Mail Filters in Email Protection Administrator Guide.
Have the Customer Lock Down the Customer Environment

Five to seven days after the customer has redirected the customers MX record, and after the customer has verified that email is being filtered and delivered appropriately, the customer should restrict all IP access to their mail server with the exception of the Email Protection subnets provided in their Service Activation Guide. This action ensures that no mail is presented to the customers mail server without filtering. Note: This task is performed on the customers inbound email server or servers or on the customers network firewall server.
Rebrand your interface and that of your customers

You can configure branding settings in the Control Console to provide a look and feel customized to your company or the customers organization. For example, you can designate that the default McAfee logo image in the Control Console be replaced with your organizations logo image. In addition, you can provide a URL with preferred naming for your company that the customers users can use to access the Control Console. As a partner, by virtue of rebranding the interface for your company, you automatically rebrand the interface of your customers and domains if they are designated to use standard branding. See the descriptions that follow.
November 2010
33
Types of branding
You can rebrand your interface on the Control Console if you are enabled for one of the four types of branding (see item 1 in the accompanying illustrations): White branding No logos or branding appear in the user interface. However, you can display and change the following items: Your company host name, which appears when users log in or receive spam notifications. The From Email address for SQR Reports A custom support email address You can also specify a co-brand tagline for your company. This tagline is displayed below the customer logo for users of any of your customers or their domains if the customer or domain is designated for co-branding.
Private branding Your company logo and tagline appears in the user interface. In addition, you can change the following items: Your company host name, which appears when users log in or receive spam notifications. The site name, which changes Control Console to a name of your choice The From Email address for SQR Reports A URL from which users can download the Spam Control for Outlook tool. A custom support email address You can also specify a co-brand tagline for your company. This tagline is displayed below the customer logo for users of any of your customers or their domains if the customer or domain is designated for co-branding.
Co-branding Your company logo appears, along with the parent accounts tagline. In addition, you can change the following items: Your company host name, which appears when users log in or receive spam notifications.
November 2010
34
The From Email address for SQR Reports A custom support email address
Rebranding Your company logo appears in the user interface without a tagline. In addition, you can change the following items: Your company host name, which appears when users log in or receive spam notifications. The From Email address for SQR Reports A custom support email address You can also specify a co-brand tagline for your company. This tagline is displayed below the customer logo for users of any of your customers or their domains if the customer or domain is designated for co-branding.
Available Branding Attributes

In addition to the logo and tagline, rebranding affects other aspects of the user interface, depending on the branding type. See the following table. For a definition of attributes, see Configure Branding at the Partner Level.
Table 3: Attributes of Branding

Customizable Attribute Company logo Customizable (by Type of Branding) Standard No. Displays service provider logo White Label Removed from display Private Yes Co-brand Yes Rebrand Yes
November 2010
35
Customizable Attribute Company tagline
Customizable (by Type of Branding) Standard No. Displays service provider tagline No. Displays service provider name White Label Removed from display Private Yes Co-brand No. Displays service provider tagline Yes. Applies only to customers and dependent domains whose branding type is Co-brand.a No. Displays Control Console or service provider name No. Displays McAfee Privacy Policy No. Displays service provider URL Yes Rebrand Removed from display
Co-brand tagline image
Yes. Applies only to customers and dependent domains whose branding type is Co-brand.a Removed from display
Yes. Applies only to customers and dependent domains whose branding type is Co-brand.a Yes
Yes. Applies only to customers and dependent domains whose branding type is Co-brand.a No. Displays Control Console or service provider name Displays McAfee Privacy Policy No. Displays service provider URL Yes
Control Console name
No. Displays Control Console or service provider name No. Displays McAfee Privacy Policy No. Displays service provider URL No. Displays news based on service provider setting No. Displays service provider email No. Displays service provider host name
Privacy Policy
Removed from display Removed from display Yes
Removed from display Yes
Spam Control for Outlook URL Display News
Yes
Support Email
Yes
Yes
Yes
Yes
Custom Hostname
Yes
Yes
Yes
Yes
a. If not set, Co-brand domains see logo of service provider.
November 2010
36
Levels of Branding
Customer branding settings override McAfee or partner branding settings. Domain branding settings override customer branding settings. If the domain branding settings are not set, the customer branding settings are used as the defaults. See Rebrand the User Interface of a Domain. The following table lists the effect of branding configuration on your account and your customers and your customers domains.
Branding Type Standard Partner Use settings from McAfee Customer Use settings from McAfee or, if partner has configured branding, use partners branding settings. Eliminates logo, tagline, and other branding attributes from display in customers account. Eliminates the same for the customers domains that use standard branding. Domain Use settings from McAfee or, if partner or customer has configured branding, use branding settings from partner or customer. Eliminates logo, tagline, and other branding attributes from display in domain interface.
White Label
Eliminates logo, tagline, and other branding attributes from display in partners account. Eliminates the same for the partners customers who have standard branding and the domains that use standard branding. Replaces the standard logo, tagline, and other branding attributes with the partners preferred attributes. Becomes the branding for the partners customers who have standard branding and the domains that use standard branding. Replaces the standard logo, and other branding attributes with the partners preferred attributes. Becomes the branding for the partners customers who have standard branding and the domains that use standard branding. Continues to use the standard McAfee tagline.
Private
Replaces the standard or partner-defined logo, tagline, and other branding attributes with the customers preferred attributes. Becomes the branding for the customers domains that use standard branding. Replaces the standard or partner-defined logo and other branding attributes with the customers preferred attributes. Uses the Partner Co-brand tagline image or uses the standard McAfee tagline if the Partner does not have a Co-brand tagline image configured
Replaces the standard, partner-defined, or customerdefined logo, tagline, and other branding attributes with the preferred attributes for the specific domain.
Co-brand
Replaces the standard, partner-defined, or customerdefined logo and other branding attributes with the preferred attributes for the specific domain. Uses the Customer's or Partner's Cobrand tagline image or uses the standard McAfee tagline if both the Customer and the Partner do not have a Cobrand tagline image configured
November 2010
37
Branding Type Rebrand
Partner Replaces the standard logo, and other branding attributes with the partners preferred attributes. Does not use a tagline, but allows the assignment of a tagline for display for customers and their domains. Becomes the branding for the partners customers who have standard branding and the domains that use standard branding.
Customer Replaces the standard logo, and other branding attributes with the customers preferred attributes. Does not use a tagline, but allows the assignment of a tagline for display for the customers domains. Becomes the branding for the customers domains that use standard branding.
Domain Replaces the standard, partner-defined, or customerdefined logo and other branding attributes with the preferred attributes for the specific domain. No tagline is used.
Configure Branding at the Partner Level

1 Click Account Management > Partners > Branding. The Branding Configuration window is displayed. The Branding Type field displays the type of branding you are enabled for. The Partner field displays your company name.
2 3
Skip the Enable Branding checkbox until you have completed the rest of the window. In the Custom Hostname field, type a custom hostname. The custom hostname changes the name contained within the URL listed in the Spam Quarantine Report and the URL for access to the Control Console. The custom hostname can be one of the following: Your standard service URL that was identified in your service agreement prepended with your brand name (e.g. acme.console.mcafeesaas.com)
November 2010
38
Your brand name that precedes portal or console and saascontrol.com (e.g. acme.console.saascontrol.com). Use of portal or console depends on your original URL designated in your service agreement.
In the From Email field, type the full email address that will be used as the From: email address when sending Spam Quarantine Reports (if Email Protection is enabled) and Performance Reports (if enabled). This email address must be valid to support the user clicking the Reply button in his/her email application. For example, a Customer Administrator at Acme company might have a support mailbox set up with the email address of spam-control@console.acme.com. In the Support Email field, type the full email address that will be used for customer and/or technical support and as the From: email address for lost password or alias email address requests. This email address must be valid to support the user clicking the Reply button in his/her email application. For example, a Customer Administrator at Acme company might have a support mailbox set up with the email address of support@console.acme.com. (For private branding only) In the Site Name field, type the full name that will appear as the title in your browser when viewing any of the Control Console windows. Once the change is applied, users will see the changed information the next time they sign into the Control Console. For example, the browser name for Acme Company might simply be a name like Acme Control Console. (For private branding only) In the Spam Control for Outlook URL field, type the full URL to the location where the Spam Control For Outlook utility will be available for download. (Applies to Email Protection only.) This field is used if the Allow users to download Spam Control For Outlook field is checked in the Control Console. Click the Display News checkbox to make the News area appear in the Sign in window and the Email Protection Overview window in the Control Console. (For private branding, rebranding, and co-branding only) In the Logo Image field, use the Browse button to select the graphic logo file. Navigate to the location of the graphic logo file, click to select the file, and click the Open button. The path and filename appear in the Logo Image field (for example, Acme company might have the logo ) that will appear in the Control Console windows. The graphic logo image must be a gif image that is no greater than 190x42 pixels in size for private or co-brand branding, and no greater than 190x63 pixels for rebrand branding.
8 9
10 (For private branding only) In the Tagline Image field, use the Browse button to select the graphic logo file. Navigate to the location of the graphic logo file, click to select the file, and click the Open button. This graphic is a secondary (tagline) logo that will appear in the Control Console windows below the graphic designated in the Logo Image field. For example, for a logo like , the tagline might say Your Brand for Generics. This tagline would appear for users at your company and for any customers and their domains who have Standard branding.
November 2010
39
Note: The graphic tagline image must be a gif image that is 190x21 pixels or less in size. 11 (For Private, White Label, and Rebrand branding only) In the Co-brand Tagline Image field, use the Browse button to select the graphic logo file. Navigate to the location of the graphic logo file, click to select the file, and click the Open button. This graphic is a secondary (tagline) logo that will appear in the Control Console windows below the graphic designated in the Logo Image field. For example, the tagline might say Powered by Acme Corp. This tagline would appear only for any customers and their domains who have Co-brand branding. Note: The graphic tagline image must be a gif image that is 190x21 pixels or less in size. 12 Click the Enable Branding checkbox to turn on branding. The Control Console will use your settings after you click Save. 13 Click Save. Customers and domains who are set to use standard branding see the same interface changes as you do.
Configure Branding for a Customer

Customers who do not have branding permissions or who use Standard branding see either branding from McAfee or branding you have established at the partner level. However, if a customer has been assigned a type of branding other than Standard, you can configure that customers branding on an individual basis. To customize branding for a customer, perform the following steps: 1 2 3 4 Click Account Management > Customers. Select a customer. Click Branding. Complete the Branding Configuration window as described in Configure Branding at the Partner Level.
Note: You can also brand the domains of a customer. For more information, see the Account Management Administrator Guide.

A protected user is one that cannot be deleted via bulk or batch processes within the Control Console. A protected user is normally a Customer Administrator account. In the event that a batch user upload or automatic synchronization with Active Directory does not include a users email address, the Control Console protects that address from being
November 2010
40
removed from the database. In this way, the users account is preserved on the Control Console so the user can continue to access the Control Console, regardless of the users status within the customers network. Note: Protected accounts receive email messages in the same way as those received by any other active account. 1 2 3 Click Account Management > Users. If necessary, from the Customer drop-down menu, select the customer. If you have downstream Partners, their customers are also listed. Click Create.
4 5
In the Creation Modes drop-down list, select Individual. See the online help for how to complete the remaining fields for adding users. Note: Group administration currently applies only to Email Protection and Web Protection. If you are using Email Archiving as a standalone application, ignore the Group Membership field.
For the user you just created, click Edit. The Edit User window is displayed.
November 2010
41
Administer Users
7 8
From the Status drop-down menu, select Protected. Click Save.
Administer Users
You or the customer should administer users on the Control Console. Although the Email Protection, if activated, uses SMTP Discovery to add users who are receiving email, this method might NOT add users who receive email infrequently. This method also adds users who might no longer work at the customers company, and might even add users who never worked at the customers company. There are several methods for adding users to a customer account. These methods include: Add Users Manually Add Users with Directory Integration Add Users with a Batch File Define how users log in Disable user access to the Control Console Turn on explicit user creation Create remaining users Create user aliases
Administering users can also include the following tasks:
For information on administering users, see Email Protection Quick Start.
November 2010
42
Administer Users
Administer Other Administrators

You or another administrator for your company can add other users with equal or more limited administrative privileges. This capability includes the ability to set the role of a user to that of Partner Administrator at your company, for a customer, or for a downstream partner, if you have any. Note: If you, as a Parent Partner, wish to add a Partner Administrator to a downstream Partner, you must do one of two things: If the downstream Partner is also a customer of a service, you can access the Partners customer account and a domain within the customer account, then add the Partner Administrator. If the downstream Partner is not also a customer of a service, you must access the account of a customer of the downstream Partner, access a domain within the customer account, and then add the Partner Administrator.
To create a user account with administrative access, perform the following steps: 1 2 Decide what administrative role each user should have. For more information, see Administrative Levels of Users. For the particular customer for which you are adding an administrator, click Account Management > Users. The User Management User List window is displayed. 3 4 From the Domain drop-down menu, select the domain in which the user resides. Click Create.
November 2010
43
Administer Users
5 6 7
In the Creation Modes drop-down list, select Individual. In the Email field, type the handle or prefix portion of the users email address. For more information on this field, see the online help. From the Role drop-down menu, select one of the following administrative roles for the user: Group Administrator Reports Manager Quarantine Manager Domain Administrator Customer Administrator Partner Administrator
See the online help for more information on completing the remaining fields on the window. Note: Group administration currently applies only to Email Protection and Web Protection. If you are using Email Archiving as a standalone application, ignore the Group Membership field.
November 2010
44
Customize Inbound Mail Filters (Optional)
Customize Inbound Mail Filters (Optional)

You or the customer can customize the default inbound policy for groups of users to fit the customers business needs. For more information on customizing policies, see the Email Protection Quick Start or, for details on all customizing options, see the Email Protection Administrator Guide.
Create Groups, If Necessary (Enterprise Customer Only)

You or the customer can create groups. Groups are used when there are users in the organization whose email should be filtered according to a policy other than the default policy. For example, you might have a support group that needs to receive email from a wide variety of customers, some of whom might send many advertisements via email. In this case, email to those customers might be blocked periodically by the default policy. In this case, you can create a group within Email Protection for Support, then create a new policy just for Support. Creating and applying groups is a three step process: 1 2 3 Create a new group. Assign individual User Accounts to the group. Create a new policy with special email filtering rules and associate the group to the policy.
Once completed, the users in the group will have their email filtered according to the newly created policy, instead of the email filtering rules in the default policy. Note: All users who are not assigned a group continue to receive email according to the default Email Protection policy. Also, users from up to three different domains can be assigned to the same group. For more information on creating groups, see the Account Management Administrator Guide.
Administer Disaster Recovery Services for the Customer

Disaster Recovery Services consists of one of two services:
November 2010
45
Fail Safe Fail Safe saves messages for later delivery if your mail server becomes unavailable. When your mail server becomes available, Fail Safe delivers the messages. Users cannot access their messages while messages are in Fail Safe only. Fail Safe has an unlimited amount of storage capacity but removes messages that have been in Fail Safe storage for more than 5 days. Email Continuity Email Continuity saves messages for later delivery if your mail server becomes unavailable. When your mail server becomes available, Email Continuity delivers the messages. Users can access their messages through a Webbased interface while messages are in Email Continuity only. Email Continuity also has unlimited storage capacity and removes messages that have been in Email Continuity storage for more than 60 days.
Either of these services are optional and available at additional cost. If a customer has purchased Disaster Recovery, you or the customer can administer Disaster Recovery. See Administer Disaster Recovery Services in the Email Protection Quick Start.

Managed Service Platform (MSP) Connector enables the delivery of email traffic and threat data directly to your ConnectWise network performance dashboards. The MSP Connector will only push data from the previous calendar month to the ConnectWise dashboard. All data will be kept for two calendar months. For example, in July, customers would be able to view data from both May and June. Customers who also subscribe to the ConnectWise network automation services will be able to obtain a quick, at-a-glance view of their monthly Email Protection traffic and threat data directly through the ConnectWise dashboard, without having to log into the Control Console. To utilize the MSP Connector capabilities, you should: Create a Partner Distribution list for MSP Connector notifications Configure your ConnectWise information on the Configuration window. Select the customers needed to push your data to ConnectWise. Enable Exception Notification if you wish to receive csv. files reporting data.
NOTE: To utilize this functionality the user must have ConnectWise 7.2 and an MSP Integration Add-On.
November 2010
46
Create a Partner Distribution List (for MSP Connector only)

If you are using MSP Connector to collect customer report data, you must create a distribution list of email addresses for yourself and other administrators within your company so MSP Connector can send exception notifications to those individuals in the event of a problem. To create a distribution list, perform the following steps: 1 2 3 4 5 6 Click Account Management > Partners > Distribution Lists. The Distribution Lists window is displayed. Click New. Type a name for the distribution list, and click OK. In the Member field, type an email address using a fully-qualified domain name (for example, joesmith@denver.acme.com). Click Add. The email address moves to the added box. Repeat steps 4 and 5 for each address you want to add to the distribution list. Note: You can add to a distribution list an alias name for a distribution list on another system such as a Microsoft Exchange Server. However, the email addresses in any list must be unique within the Control Console.
Configure the Partner MSP Connection

To configure your MSP connection to ConnectWise, perform the following steps: 1 Click Account Management > Partners > MSP Connector. The Configuration window is displayed.
November 2010
47
2 3 4
If you have downstream Partners, select the Partner from the Partner drop-down menu. Check the box to enable the ConnectWise integration Click the SSL: Enable to ensure your information is encrypted through Secure Socket Layer. NOTE: When SSL is disabled, a warning message displays. In the Site field, type your ConnectWise access site. In the Company ID field, type your ConnectWise Company ID. In the Integrator Username field, type your ConnectWise Integrator Username. In the Integrator Password field, type your Integrator Password for ConnectWise. Note: Click the Change Password button to update or change your Integrator Password information to match your Integrator Password to ConnectWise.
5 6 7 8
In the Time Zone drop-down menu, select the time zone on which to base the timestamp for the ConnectWise instances.
10 Click Test to make sure the connection works. 11 Click Save.
Add Customers for MSP Report Data

To add customers whose data will be included in MSP report data, perform the following steps: 1 2 Click Account Management > Partners > MSP Connector. Click Customers.
November 2010
48
The Customers window is displayed.
3 4 5 6
If you have downstream Partners, select the Partner from the Partner drop-down menu. To find a customer in a long list, type part of the customers name in the Filter search field and click Filter. Click the checkbox for each listed customer whose data you want sent to ConnectWise. Click Add.
Note: You can also add all customers for inclusion in report data with the Add All.
Turn on Exception Notifications for the Partners MSP Connection

To receive email notifications in case of errors in the transfer of data to ConnectWise, perform the following steps: Note: You must have first created a distribution list of email addresses before you enable notifications. See Create a Partner Distribution List (for MSP Connector only). 1 Click Account Management > Partners > MSP Connector.
November 2010
49
Click Notifications.
3 4 5
If you have downstream Partners, select the Partner from the Partner drop-down menu. Click the Exception Notification: Enable checkbox. Select a distribution list from the Exception Notification Distribution drop-down menu.
Note: If an error occurs, an email notification is sent within 24 hours, not immediately. The Exception Report is a .csv file, sent out at approximately 12:00 A.M. MT, which includes all failures that occurred in the last 24 hours. Failures may include one of the following: Failed - authentication Failed - connection Failed - invalid Company ID Failed - invalid Solution Name Failed - rejected Failed - unknown
View an MSP Connector Audit Report

To view an MSP Connector Audit Report, perform the following steps: 1 2 3 Click Account Management > Partners > MSP Connector. If you have downstream Partners, select the Partner from the Partner drop-down menu. Click Audit Report. A list of Audit Reports is displayed.
November 2010
50
The Status column lists the status of attempts to pass data to ConnectWise. 4 Double-click a report to view the details of the report. The details of the audit reports are displayed.
November 2010
51
November 2010
52
The following table lists the report items in the report

Report Item Status Description The following table defines the possible reports status in the Audit Report and the suggested actions to correct the status. Completed X domains succeeded Status Definitions Partially Completed X of Y domains failed No action required.
Suggested Actions Domains failed because they may not have been provisioned on the ConnectWise side.
Failed authenticatio n Failed connection Failed invalid Company ID Failed invalid Solution Name Failed rejected Failed unknown Domain Spam removed Viruses Removed Account Messages
Username, password, or site is invalid; check information on the ConnectWise side. ConnectWise server was moved ConnectWise server was offline ConnectWise network potentially down
Company ID may have changed on the ConnectWise side
Contact Support.
Domains failed because they may not have been provisioned on the ConnectWise side. Contact Support
The customer's domain. The total number of inbound messages detected as medium or high-likelihood spam for the previous calendar month. The total number of messages with known viruses ("infected emails") for the previous calendar month. The total number of messages successfully delivered to the receiving MTA for the previous calendar month.
November 2010
53
Report Item Total Messages
Description The total number of messages processed for the previous calendar month. Note: The sum of Spam Removed, Viruses Removed and Account Messages may not equal the Total Messages.
Spam Removed
The total number of inbound messages detected as medium or high-likelihood spam starting from the beginning of the current calendar year through the date the report was generated. The total number of messages with known viruses ("infected emails") starting from the beginning of the current calendar year through the date the report was generated. The total number of messages successfully delivered to the receiving MTA starting from the beginning of the current calendar year through the date the report was generated. The total number of messages processed starting from the beginning of the current calendar year through the date the report was generated Note: The sum of Spam Removed, Viruses Removed and Account Messages may not equal the Total Messages.
Viruses Removed Account Messages
Total Messages
Download an Audit Report

You can download an Audit Report in the form of a .csv file by clicking Download.
Sample ConnectWise Configuration page

On the ConnectWise end of the connection, you administer the connection on the ConnectWise Configuration page.
November 2010
54
For this connection, the Configuration Type is always SpamStats. For the Domain Name, you enter your companys domain.
Configuring MSP Connector for Customers

Enabling MSP Connector for Customer enables this customer to send their downstream Domain level data to ConnectWise. This selection has no bearing on whether this customers data will be sent within your Partner MSP Connector service. You configure MSP Connector for customers in a very similar way to that of your own configuration. However, instead of identifying customers for data collection, you identify the domains of the customer for data collection. See the Email Protection Administrator Guide for more information.
November 2010
55
Important: In the ConnectWise configuration for a customer, on the SpamStats configuration, you must configure each primary domain of the customer separately. Also, for a customers SpamStats configuration, you specify the customers domains, not your partner domains.

Message Audit is a search tool within the Email Protection, which provides a basic selfservice message audit capability so customers and partners can research message disposition themselves. Message Audit will improve customer satisfaction and customer responsiveness by providing a self-help message audit and header analyzer capability so that partners and customers can quickly search and audit messages. Message Audit has the following capabilities: Message Search Perimeter Block Search Search History
For more information, see Message Audit Quick Start Guide, which is posted on the Partner Portal under Support.
November 2010
56
Review the List of Partners
2. Administering Downstream Partners

Review the List of Partners
To review the current list of Partners, perform the following steps: 1 Click Account Management > Partners. The Partner Accounts list is displayed.
The Partner Accounts List lists the following information: Partner Name The partners name. Parent Partner The Parent Partner of the Partner, as administered on the Create Partner screen. As a Partner Administrator for a Parent Partner, you can designate a downstream Partner to be a Parent Partner also, in which case, that Partner will have its own downstream Partners. This designation normally reflects a business relationship between the Partners, such as a distributorship. Date Created The date that this Partner was added to the Control Console. Partners - The number of direct downstream Partners of the Partner. This number does not include downstream Partners of downstream Parent Partners. Customers - The number of customers of each direct downstream Partner. Domains - The cumulative number of primary domains of all customers of each direct downstream Partner.
Create a Partner
To create a Partner, perform the following steps: 1 Click Account Management > Partners > Create.
November 2010
57
Create a Partner
Complete the fields as described in the following table.
Note: Required fields are marked with an asterisk.

Field Partner Name Parent Partner Contact Email Address Telephone Max Quarantine Period Description Enter the company name of the Partner. Select the company name of the Parent Partner, if any, to which this Partner is contracted as a downstream Partner. The default is your company. Enter the email address of the customer contact. Enter or select the street address, city, country, state/province, and zip/postal code. Enter the telephone number. Select the maximum quarantine period.
November 2010
58
Create a Partner
Field Branding Type
Description Select the type of branding. The branding that a partner establishes for itself also determines the display of standard branding for that partner's customers and their domains. Co-brand - Displays the partner's branding attributes along with the service providers tagline. Private - (Available only if previously assigned by your service provider.) Displays the partner's branding attributes, including the partner's tagline, if defined. Private is the only branding type that can rename the Control Console. Private is also the only branding type that does not have the service provider brand in its URL. This type also allows a tagline to be defined for display for the customers and/or domains that use Co-brand branding. Rebrand - Displays the partner's branding attributes. Rebrand does not use a tagline for the partner's account, but allows a tagline to be defined for display for the partner's customers and/or domains who use Co-brand branding. Standard - Displays the partner's service provider branding attributes. This is the default branding type. White Label - (Available only if previously assigned by your service provider.) No branding attributes are displayed. However, this type allows a tagline to be defined for display for the customers and/or domains that use Co-brand branding. (Available to select only by your service provider.) A checked box indicates the Partner can administer customers. This field applies only to permissions to use of the Control Console to manage customers. Partners might also have permission to manage customers using the API. In addition, a Parent Partner can manage customers on behalf of its downstream Partners even if the Parent Partner doesn't have permissions to manage their own direct customers.
Customer Management
Message Audit
Checking the box allows the Partner to research specific message disposition information based on the Message Details, Message ID or Message Header. Note: If the Partner is a Parent Partner, but is not allowed to use Message Audit, downstream partners of this Parent Partner cannot be enabled for Message Audit use either.
Intelligent Routing Email Protection Email Archiving Web Protection Performance Reports Optional Fields
Checking the box allows the Partner to administer Intelligent Routing on behalf of their customers. (Available to select only by your service provider.) A checked box indicates the Partner can administer Email Protection on behalf of their customers. (Available to select only by your service provider.) A checked box indicates the Partner can administer Email Archiving on behalf of their customers. (Available to select only by your service provider.) A checked box indicates the Partner can administer Web Protection on behalf of their customers. Checking the box allows customers to manage Performance Reports under this Partner. Select an optional field. Click Add to have the field appear on the Edit and Details pages.
Click Save.
November 2010
59
Edit or Change a Partner
Edit or Change a Partner

You can change or edit a Partners configuration the Edit Partner screen. To edit a Partner, perform the following steps: 1 2 3 4 Click Account Management > Partners. Click on a Partner on the list. Click Edit. See the field descriptions in the online help or in the previous procedure, Create a Partner.
Delete a Partner
You can delete a Partner from the Partner Details screen. Note: All partner accounts, customer accounts, and domains that are subordinate to a Partner must be manually moved or deleted before the Partner account may be deleted. To delete a Partner, perform the following steps: 1 2 3 4 Click Account Management > Partners. Click on a Partner on the list. The Partner Details screen is displayed. Click Delete. A confirmation screen is displayed. Click OK.
Branding, Distribution Lists, and MSP Connector

You can administer the following on behalf of a downstream Partner: Branding (see Rebrand your interface and that of your customers) Distribution Lists (see (Create a Partner Distribution List (for MSP Connector only) MSP Connector (see Administer MSP Connector)
You can also administer customers of a downstream Partner as described in Chapter 1. Administering Customers.
November 2010
60
3. Service Bundles and Packages

McAfee Service Bundles include at least two of three services. Each service bundle includes Email Security.
Bundle Package Web & Email Protection Suite
Bundle Inclusions (full descriptions below) Email Security and Web Security
Is an Outbound Pkg Reqd? Yes
Applicable Outbound Package(s) Outbound Full -orOutbound Email Continuity Outbound Full -orOutbound Email Continuity Outbound Full -orOutbound Email Continuity
Email Security & Archiving - 1 year or multi-year Web & Email Security w Arch - 1 year or multi-year
Email Security and Email Archiving
Yes
Email Security, Email Archiving and Web Security
Yes
Managed Service Bundles Detail:

Email & Web Security Bundle inclusions Email Security
Advanced spam blocking, including Premium Multi-Language Anti-Spam Filter Triple virus and worm scanning Content and attachment filtering Email attack protection Fraud protection Email Continuity, including outbound virus filtering Control Console administration and reporting portal Sophisticated quarantine management 14-day spam quarantine Automated, around-the-clock email threat monitoring and protection
November 2010
61
Web Security
Anti-spyware scanning Anti-virus scanning Anti-phishing protection Group policies management IP- and user-level authentication URL Filtering Safe Search Protection Peer-to-peer Site Blocking Streaming Media Site Blocking Control Console admin and reporting portal Automated, around-the-clock Web threat monitoring and protection
Email Security & Archiving, both 1-yr. and multi-yr., inclusions Email Security
Advanced spam blocking, including Premium Multi-Language Anti-Spam Filter Triple virus and worm scanning Content and attachment filtering Email attack protection Fraud protection Email Continuity, including outbound virus filtering Control Console administration and reporting portal Sophisticated quarantine management 14-day spam quarantine Automated, around-the-clock email threat monitoring and protection
Archiving
One gigabyte of storage per user, per year, with an increase of one gigabyte per user, for each additional year of service Advanced search options and fast, accurate information retrieval by authorized persons Multiple levels of permissions/authority for employers, compliance officers, corporate officers and legal departments Definable retention policies based on content Single Instance Storage Real-time data backups Storage capabilities for comments and notes Flexible options for creating automatic or ad hoc reports Audit trails provide comprehensive activity logs For multi-year packages, journaled email retention times of 3, 5, or 7 years, assigned during provisioning
November 2010
62
Complete Security bundles, both 1-yr. and multi-yr., inclusions Email Security
Advanced spam blocking, including Premium Multi-Language Anti-Spam Filter Triple virus and worm scanning Content and attachment filtering Email attack protection Fraud protection Email Continuity, including outbound virus filtering Control Console administration and reporting portal Sophisticated quarantine management 14-day spam quarantine Automated, around-the-clock email threat monitoring and protection (Optional) Outbound message filtering
Web Security
Anti-spyware scanning Anti-virus scanning Anti-phishing protection Group policies management IP- and user-level authentication URL Filtering Safe Search Protection Peer-to-peer Site Blocking Streaming Media Site Blocking Control Console admin and reporting portal Automated, around-the-clock Web threat monitoring and protection
Archiving
One gigabyte of storage per user, per year, with an increase of one gigabyte per user, for each additional year of service Advanced search options and fast, accurate information retrieval by authorized persons Multiple levels of permissions/authority for employers, compliance officers, corporate officers and legal departments Definable retention policies based on content Single Instance Storage Real-time data backups Storage capabilities for comments and notes Flexible options for creating automatic or ad hoc reports Audit trails provide comprehensive activity logs
November 2010
63
For multi-year packages, journaled email retention times of 3, 5, or 7 years, assigned during provisioning
November 2010
64
Inbound Email Protection Packages

Inbound Package Options Pkg 01 In Ultimate Defense / Email Protection Definition Triple Virus Scanning, Spam blocking including the AntiSpam Classifier, Email Attack Protection, Content and Attachment Filtering, plus Outbound Email Filtering, and Fail Safe Disaster Recovery Triple Virus Scanning, Spam blocking including the AntiSpam Classifier, Email Attack Protection, Content and Attachment Filtering Enterprise defense includes Spam blocking, Email Attack Protection, Content and Attachment Filtering with add-ons available MX Enterprise Plus Defense, plus Triple Virus protection MX Enterprise Plus Defense, plus Fail Safe MX Enterprise Plus Defense, Triple Virus protection and Fail Safe Disaster Recovery MX Enterprise Plus Defense, plus Double Virus protection MX Enterprise Plus Defense, plus Double Virus protection and Fail Safe Disaster Recovery MX Enterprise Plus Defense, plus Triple Virus protection and Email Continuity Disaster Recovery Is an Outbound Pkg Reqd? Yes Applicable Outbound Package(s) Pkg 01 Out Ultimate Defense
Pkg 02 In Critical Defense / Email Inbound Filtering
Not allowed
No Outbound Package is allowed
Pkg 40 In - Ent Plus
Optional
Pkg 40 Out - Ent Plus
Pkg 41 In - Ent Plus -TPL Virus Pkg 42 In - Ent Plus -FS Pkg 43 In - Ent Plus -FSTPL Virus
Optional
Pkg 41 Out - Ent Plus TPL Virus Pkg 42 Out - Ent Plus Pkg 43 Out - Ent Plus TPL Virus
Optional Optional
Pkg 44 In - Ent Plus DBL Virus Pkg 45 In - Ent Plus -FSDBL Virus
Optional
Pkg 44 Out - Ent Plus DBL Virus Pkg 45 Out - Ent Plus DBL Virus
Optional
Pkg 46 In - Ent Plus -MCTPL Virus
Yes
Pkg 46 Out - Ent Plus TPL Virus -or- Outbound EC
November 2010
65
Inbound Package Options Pkg 47 In - Ent Plus -MCDBL Virus
Definition MX Enterprise Plus Defense, plus Double Virus protection and Email Continuity Disaster Recovery Basic protection against inbound spam from highvolume spam sources
Is an Outbound Pkg Reqd? Yes
Applicable Outbound Package(s) Pkg 47 Out - Ent Plus DBL Virus -or Outbound EC
Pkg 91 In- Perimeter Defense
Noa
Pkg 91 Out Perimeter Defense
a. Selected only to ensure no live outbound package is selected
November 2010
66
Outbound Email Protection Packages

Outbound Package Options Description
Pkg 01 Out Ultimate Defense / Email Protection Pkg 03 Out Ultimate Access / Email Protection and Continuity Pkg 40 Out - Ent Plus Pkg 41 Out - Ent Plus -TPL Virus Pkg 42 Out - Ent Plus Pkg 43 Out - Ent Plus -TPL Virus Pkg 44 Out - Ent Plus -DBL Virus Pkg 45 Out - Ent Plus -DBL Virus Pkg 46 Out - Ent Plus -TPL Virus Pkg 47 Out - Ent Plus -DBL Virus Pkg 62 - Outbound Full Pkg 91 Out - Perimeter Defense
MX Ultimate Defense, Outbound (Pkg 01 In) MX Ultimate Access, Outbound (Pkg 03 In) MX Enterprise Plus Defense, Outbound (Pkg 40 In) MX Enterprise Plus Defense, Outbound plus Triple Virus protection (Pkg 41 In) MX Enterprise Plus Defense, Outbound (Pkg 42 In) MX Enterprise Plus Defense, Outbound plus Triple Virus protection (Pkg 43 In) MX Enterprise Plus Defense, Outbound plus Double Virus protection (Pkg 44 In) MX Enterprise Plus Defense, Outbound plus Triple Virus protection (Pkg 45 In) MX Enterprise Plus Defense, Outbound plus Triple Virus protection (Pkg 46 In) MX Enterprise Plus Defense, Outbound plus Double Virus protection (Pkg 47 In) Full outbound email filtering (available only when choosing a Service Bundle) Perimeter Defense does not filter against outbound email. Used to ensure no live outbound package
See the Outbound Package Selections Table for details on which Outbound Package should be selected, based on the Inbound Package selection.
Email Archiving packages

There are only two packages, Email Archiving - 1 yr. and Email Archiving - Multi-yr. These packages include one gigabyte of storage per user, per year. Search capabilities for both end Users and Administrators to find and retrieve stored messages. Bundles that include Email Archiving are described at Email Security & Archiving, both 1-yr. and multi-yr., inclusions and Complete Security bundles, both 1-yr. and multi-yr., inclusions
November 2010
67
Web Protection Package

Name Definition
WDS Total Control + IP Range Authentication / Web Protection
Provides URL, Anti-Phishing, Anti-Spyware and Anti-Virus filtering Allows for Explicit User Authentication and or IP Address Authentication
Bundles that include Web Protection are described at Email & Web Security Bundle inclusions and Complete Security bundles, both 1-yr. and multi-yr., inclusions.
November 2010
68

McAee SaaS Email Protection-Quickstart PDF

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

McAee SaaS Email Protection-Quickstart PDF

Enviado por

Direitos autorais:

Formatos disponíveis

Partner Quick Start for Email Protection

Last Update: June 2010 Updated: November 2010

Proprietary and Confidential

Partner Quick Start for Email Protection

RESTRICTION ON USE, PUBLICATION, OR DISCLOSURE OF PROPRIETARY INFORMATION. Copyright 2010 McAfee

Partner Quick Start for Email Protection

Partner Quick Start for Email Protection

2 Administering Downstream Partners. . . . . . . . . . . . . . . . . . . . . . . . . 57

3 Service Bundles and Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Partner Quick Start for Email Protection

Quick Start Checklist

1. Administering Customers Quick Start Checklist

Review the List of Customers

Create a customer and activate package solutions

Partner Quick Start for Email Protection

Quick Start Checklist

Rebrand your interface and that of your customers

Set up a protected user

Partner Quick Start for Email Protection

Who Should Use This Document

Task Administer Disaster Recovery Services for the Customer

Administer MSP Connector

Configure Message Audit

Who Should Use This Document

Administrative Levels of Users

Partner Quick Start for Email Protection

Who Should Use This Document

Partner Quick Start for Email Protection

Who Should Use This Document

Recommended Browsers for Control Console

Administrative Windows Accessible by Administrators

Table 1: Account Management Window Access Privileges

Partner/ Customer Feature Enablement Required

Partner Quick Start for Email Protection

Who Should Use This Document

Yes. Branding type must be White Label, Co-branding, Rebrand, or Private No No No No

Yes Yes Yes Yes

Yes Yes Yes Yes Yes

Yes Yes Yes Yes Yes

Partner/ Customer Feature Enablement Required

Partner Quick Start for Email Protection

Who Should Use This Document

Yes. Performance Reports must be enabled

Partner/ Customer Feature Enablement Required

Partner Quick Start for Email Protection

Who Should Use This Document

Yes Yes Yes Yes Yes

Yes Yes Yes Yes Yes

Yes No Yes Yes Yes

Yes No Yes Yes Yes

Yes No Yes Yes Yes

Yes Yes Yes Yes

Yes Yes Yes Yes

Yes Yes Yes No

Yes Yes Yes No

Yes Yes No Yes

Yes Yes Yes Yes Yes

Yes Yes Yes Yes Yes

User Details: Allow/Deny Lists User Details: Email Activity

Partner/ Customer Feature Enablement Required

Partner Quick Start for Email Protection

Who Should Use This Document

Yes Yes Yes