Network architecture considerations
| Article:HOWTO55114 | | | Created: 2011-06-29 | | | Updated: 2011-12-17 | | | Article URL http://www.symantec.com/docs/HOWTO55114 |
You can install Symantec Endpoint Protection for testing purposes without considering your company network architecture. You can install Symantec Endpoint Protection Manager with a few clients, and become familiar with the features and functions.
See Planning the installation.
When you are ready to install the production clients, you should plan your deployment based on your organizational structure and computing needs.
You should consider the following elements when you plan your deployment:
Symantec Endpoint Protection Manager
Administrators use Symantec Endpoint Protection Manager to manage security policies and client computers. You may want to consider the security and availability of the computer on which Symantec Endpoint Protection Manager is installed.
Administrators can use a remote computer that runs the console software to access Symantec Endpoint Protection Manager. Administrators may use a remote computer when they are away from the office. You should ensure that remote computers meet the remote console requirements.
Remote computers may have slower network connections. You may want to use a different installation method than the one you use to install to local computers.
Portable computers such as notebook computers
Portable computers may not connect to the network on a regular schedule. You may want to have portable computers get updates from the LiveUpdate server rather than Symantec Endpoint Protection Manager.
Computers that are located in secure areas
Computers that are located in secure areas may need different security settings from the computers that are not located in secure areas.
You identify the computers on which you plan to install the client. Symantec recommends that you install the client software on all unprotected computers, including the computer that runs Symantec Endpoint Protection Manager.
You decide how you want to manage the computers. In most cases, you manage the computers from the Symantec Endpoint Protection Manager console. These are called "managed computers". You might want to manually manage the portable computers that connect to the company network intermittently, such as mobile devices like notebook computers. A manually-managed computer is called an "unmanaged computer". Computers that never connect to the company network are by definition, unmanaged computers (because they never connect to the Symantec Endpoint Protection Manager) .
You organize the computers with similar security needs into groups. For example, you might organize the computers in the Payroll department into the Payroll group. The group structure that you define most likely matches the structure of your organization.
You create the groups by using Symantec Endpoint Protection Manager. Adjust the security policy settings for the groups that require additional restrictions.
You assign the computers to the groups. You can assign computers to groups during client installation. You can also assign computers to groups from the console after client installation.
|
|
Legacy ID
v19543152_v59371754
Article URL http://www.symantec.com/docs/HOWTO55114
Terms of use for this information are found in Legal Notices
Thank you.