Creating and assigning a management server list for a Symantec Endpoint Protection Manager

Article:TECH103175  |  Created: 2007-01-31  |  Updated: 2009-01-16  |  Article URL http://www.symantec.com/docs/TECH103175
Article Type
Technical Solution

Product(s)

Environment

Issue



You have multiple SEPM systems in your environment and wish the clients to communicate only to specific ones

Symptoms
You have multiple SEPMs in your environment but only want certain ones used by SEP clients



Solution



Adding a management server list

If your enterprise has multiple Symantec Endpoint Protection Managers, you can create a customized management server list. The management server list specifies the order in which clients in a particular group connect. Clients and optional Enforcers first try to connect to Symantec Endpoint Protection Managers that have been added with the highest priority. If Symantec Endpoint Protection Managers with the highest priority are not available, then clients and optional Enforcers try to connect to management servers with the next higher priority. A default management server list is automatically created for each site. All available Symantec Endpoint Protection Managers at that site are added to the default management server list with the same priority.

If you add multiple Symantec Endpoint Protection Managers at the same priority, then clients and optional Enforcers can connect to any of the Symantec Endpoint Protection Managers. Clients automatically balance the load between available Symantec Endpoint Protection Managers at that priority. You can use HTTPS protocol rather than the default HTTP for communication. If you want to secure communication further, you can customize the HTTP and HTTPS port numbers by creating a customized management server list. However, you must customize the ports before clients are installed or else the client-to-management server communication is lost. If you update the version of the Symantec Endpoint Protection Manager, you must remember to re-customize the ports so that the clients can resume communication.

After you add a new management server list, you must assign it to a specific group or location or both.

See the "Assigning a management server list to a group and location" section below.

To add a management server list:

  1. In the Symantec Endpoint Protection Manager console, click Policies.
  2. In the Policies page, under View Policies, click Policy Components > Management Server Lists
  3. In the Policies page, under Tasks, click Add a Management Server List .
  4. In the Management Server Lists dialog, type the name of the management server list that you want to add in the Name box.
  5. In the Management Server Lists dialog, type the optional description of the management server list that you want to add in the Description box.
  6. In the Management Server Lists dialog, click Add. Setting up connections between management servers and clients or optional enforcers.
  7. In the Add a Server dialog, type the IP address or host name of the management server in the Server address box.
  8. In the Add a Server dialog, select the type of protocol that you want to use for communication between the clients, optional Enforcers, and Symantec Endpoint Protection Managers:
    • Use HTTP protocol: The default setting is Use HTTP protocol
    • Use HTTPS protocol: Use this option if you want Symantec Endpoint Protection Managers to communicate by using HTTPS and if the server is running Secure Sockets Layer (SSL).
  9. If you require verification of a certificate with a trusted third-party certificate authority, check 'Verify certificate when using HTTPS protocol'
  10. In the Management Server Lists dialog, click Add and select New Priority. A new priority is created.
  11. Repeat step 10 for as many additional priorities as you need to add.
  12. In the Management Server dialog, under Management Servers, select the priority to which you want to add an IP address or host name of a management server.
  13. In the Management Server Lists dialog, click Add and select New server.
  14. In the Add Management Server dialog, type the IP address or host name of the Symantec Endpoint Protection Manager in the Server address box.
  15. If you want to change the default port number for the HTTP protocol, check Customize HTTP port number. If you customize the HTTP port number after client deployment, clients lose communication with the Symantec Endpoint Protection Manager.
  16. Type the number of the port that you want to use. The default port number for the HTTP protocol is 8014.
  17. If you want to change the default port number for the HTTPS protocol, check Customize HTTPS port number. The default port number for the HTTPS protocol is 443. If you customize the HTTPS port number after client deployment, clients lose communication with the Symantec Endpoint Protection Manager.
  18. Repeat steps 13 through 17 for as many times as you need for each priority that you select. Setting up connections between management servers and clients or optional enforcers.
  19. In the Add Management Server dialog, click OK.
  20. In the Management Server Lists dialog, click OK.

Assigning a management server list to a group and location

After you add a policy, you need to assign it to a group or a location or both. Otherwise the management server list is not effective. You must have finished adding or editing a management server list before you can assign the list.

To assign a management server list to a group and location:

  1. In the Symantec Endpoint Protection Manager console, click Policies .
  2. In the Policies page, under View Policies, click Policy Components > Management Server Lists.
  3. In the Policies page, under Tasks, click Assign the list.
  4. In the Apply Management server list, check the groups and locations to which you want to apply the management server list.
  5. Click Assign.
  6. When you are prompted, click Yes.




References
To learn more about management servers please review Chapter 8 "Setting up connections between management servers and clients" in the Administration_guide.pdf.





Legacy ID



2007123110045548


Article URL http://www.symantec.com/docs/TECH103175


Terms of use for this information are found in Legal Notices