Forefront Client Security Architecture and Licensing

Q: (from Keith)

Is there a resource for using the Forefront product and to help me understand what parts and pieces are required from a licensing perspective?


When you are looking for Forefront, I’m going to assume you mean Forefront Client Security (not Exchange, SharePoint, OCS, Threat Management, Identity, etc.). For Forefront Client Security, there are three key parts: the client, the management console, and the database. Here are some quick guidelines:

  • How many clients need to be covered? This is not only desktops & laptops, but are you also providing virus, spyware, & malware protection for the server machines (they are viewed as a client at this level)
  • Does the customer already have SQL Server? SQL is required for Forefront. You can either license the Management Console or the Management Console with SQL. Although an existing SQL license can cover Forefront; if you license the SQL with the Management Console, that SQL license can only be used for Forefront.

Here is the licensing page:


For more design and architectural resources:


For future reference, we’ve started to adopt a standard structure and organization for our server technology websites:

  • Start with
  • From the product’s home page, you will find links to case studies, licensing, and technical information. That’s literally where I pulled the two links above.


And although it is three years old, slide #9 from the following deck provides a decent diagram regarding Forefront architecture and process flow:

Another view, based on Forefront deployment at Microsoft, is found on page 12 of:



Comments (0)

Skip to main content