Patch Management Group

 View Only

How to install CEM functionality in SMP 7.5 SP1 

Jan 29, 2015 11:39 AM

What is basically required to have SMP 7.5.x CEM functionality working via HTTPs using self-signed or non self-signed certificates


Probably this information will be useful to know, if you're going to setup CEM in your environment.

All description steps in attached doc were done in SMP 7.5 SP1 release build!



In attached "CEM - Basic to install CEM functionality.docx" you will see following areas with screenshots and description, like:

  • How to install SMP 7.5 SP1 via SIM 7.5.x on "Default Web Site", using self-signed certificate and enabled HTTPs
  • How to install SMP 7.5 SP1 via SIM 7.5.x on "Default Web Site", using own non self-signed certificate and enabled HTTPs
  • Installation of Symantec Management Agent on endpoints from SMP Console to enable HTTPs communication via self/non-self-signed certificates
  • Pre-requisites for remote Site Server(s) installation and their installation to works through HTTPs via self/non-self-signed certificates
  • "Symantec Agent" web site (CEM Web Site) installation and other details about another certificate importing.
  • "SMP Internet Gateway" installation and configuration details
  • Details about adding "SMP" and "Site Servers" in installed/configured "CEM Gateway" and further Site assignments to server CEM clients.
  • Details about enabling "Cloud-enabled Management Settings" policy on SMP Console.
  • Details about "Cloud-enabled Management Settings" policy on managed endpoint and their behavior.

 

Also you can check another link to see some CEM troubleshoot cases:

Statistics
0 Favorited
13 Views
1 Files
0 Shares
5 Downloads
Attachment(s)
docx file
CEM - Basic to install CEM functionality.docx   1.38 MB   1 version
Uploaded - Feb 25, 2020

Tags and Keywords

Comments

Jun 14, 2018 04:54 PM

Thanks Igor!

I have a few more questions coming up, i will post it as new question.

 

Thanks again

Jun 14, 2018 04:46 PM

Thanks Igor!.

 

I have some CEM questions about Site Servers and Agents, I will articulate the question and post it up. I'll  let you know when I submit it.

Jun 13, 2018 01:40 AM

Hi JeanWilson!

Yes, this doc also works for 8.1.x !

  • This doc is created from 7.5 SP1 version, so in 7.6.x or 8.0.x and 8.1.x some things are changed/improved, especially there is 'communication profile' where you can import required certificates and they will be delivered to targeted-managed client computers

Best regards,

IP.

Jun 07, 2018 02:20 PM

Can I use this document for 8.1?

Dec 01, 2015 01:55 AM

Yes, you can. This functionality is valid for all 7.5+ versions.

Nov 30, 2015 03:22 PM

I havent started yet but can I use this article for SMP 7.6.1 as well?

Thanks

Sep 04, 2015 06:24 AM

You are welcome! :- )

Sep 04, 2015 01:18 AM

Thanks .....helpful artice...

Feb 11, 2015 10:53 AM

Excellent article! 

 

Jan 30, 2015 02:04 PM

If you have more than one Package Server in CEM mode, then you have a handler of failover, because CEM clients will try to download from 2nd Package Server in CEM mode as well if 1st one is down.

Jan 30, 2015 12:19 PM

ah ok, so they will not download from SMP at all? Also we will have few sites like that and each of those site will have a PS and those clients will be manully assigned to their prospective PS. 

Jan 30, 2015 11:24 AM

If you will have only single Package Server in CEM mode for all managed endpoints, which are in CEM mode, then remember about failovers, because if you will set manual assignment to serve only CEM clients and this Package Server in CEM mode will not respond, etc, then all clients in CEM mode will unable to download packages.

Jan 29, 2015 09:46 PM

Thank you so much. I will give it a shot. 

Jan 29, 2015 05:17 PM

Hi skhs,

thank you for feedback!

I see this way, how it will looks like:

1st: Need to generate "CEM Offline" package ⇒ deliver it to future Package Server computer (because this computer doesn't have access to company network) ⇒ install "CEM Offline" package ⇒ this computer will register with SMP Server via CEM Gateway.

2nd: There is a mention, that Package Server can be set on computer, which is in CEM mode (with CEM Settings policy applied) on Site Server Management page

CEM_PS.jpg

(Note: Do not forget about setting a IIS HTTPs binding for this Package Server).

(Note: You will not be able to set "Task Server" as Site Server for computer, which has "CEM Settings" policy applied).

3rd: After that you will have Package Server which is in CEM mode and you will need to set appropriate manual assignment/or/Site assignment on this Package Server to serve CEM clients only.

Other client computers, which are in CEM mode as well as this Package Server, should profile network speed of this Package Server address ⇒ receive package codebases from SMP Server via CEM gateway ⇒ then CEM client will determine, whether they are able to download packages directly from this CEM PS or not.

(Note: CEM Client and CEM package server shouldn't have network problems, like resolving failure of each other by hostname/fqdn/IPv4 or other problems like SSL handshake error, etc).

Pay attention on these cases:

Thanks,

IP.

Jan 29, 2015 04:05 PM

Thank you Igor, great document. Wonder if you would know if we can have a site server that only connects via gateway? use case is if we have a site that is not connected to the company network and clients are connected via CEM but we would like clients to download packages from the same location where they are. (so only PS downloads packages from smp via gateway and clients download from that.)

Related Entries and Links

No Related Resource entered.