Understanding "Explicit Group Update Providers (GUPs) for Roaming Clients" in Symantec Endpoint Protection (SEP) 12.1.2
|Article:TECH198640|||||Created: 2012-10-19|||||Updated: 2012-11-15|||||Article URL http://www.symantec.com/docs/TECH198640|
To turn clients into GUPs, first configure single or multiple Group Update Providers. A client will become a GUP when the data entered matches its own attributes. The Explicit Group Update Provider list will then be used to map the clients to their respective Explicit GUPs.
- A Server Farm Subnet with Network Address 10.0.0.0
- A Marketing Subnet with Network Address 184.108.40.206
- An Engineering Subnet with Network Address 192.168.10.0
- Identify the machines in the Server Farm Subnet that will become the GUPs
- Configure these two computers as Multiple Group Update Providers:
- Configure the clients in the Marketing Subnet 220.127.116.11 to use one of the GUPs in the Server Farm Network
- Configure the clients in the Engineering Subnet 192.168.10.0 to use one of the GUPs in the Server Farm Network
This can be done by either specifying the IP Address of an individual GUP in the Server Farm Network, or by specifying the Network Address of the Server Farm Network.
Note: You can calculate the value of the Client Subnet Network Address and the GUP Subnet Network Address by using one of the subnet calculators readily available on the Internet. This address is sometimes also referred to as the network prefix or network ID.
- Configure the clients in the Marketing Subnet 18.104.22.168 to use a GUP with IP Address 10.10.10.1 in the Server Farm Network
- Configure the clients in the Engineering Subnet 192.168.10.0 to use any GUP in the Server Farm Network by specifying its Network Address
The workflow could be summarized as follows:
- The Administrator uses a 12.1.2 SEPM to create mapping via a Policy: This Maps "client subnet" to "GUP to use".
- A SEP 12.1.2 Client parses the new policy and extracts relevant data from the GUP list to select the new GUP Type.
- The SEP 12.1.2 Client then verifies:
"Am I in the subnet that is supposed to use the Explicit GUP?"
"Which subnet is the Explicit GUP in - is it in a different subnet than mine?"
"Who is the actual GUP?"
- The Client will first try to use available local GUPs before using any of the Explicit GUPs
- The GUP itself need not be a 12.1.2 Client.
Article URL http://www.symantec.com/docs/TECH198640