Planning custom group for SEPM organization for optimized security administration (if SEPM not in sync with AD)
It is been observed that the confusion about Group creation or planning a structure in SEPM becomes a problem. It becomes even more difficult when the environment has distributed locations and mixed environment of 32 and 64 bit systems. However, it is not that difficult to plan. Let me first tell that unlike SAV 9.x or 10.x, SEPM it uses just Groups like there are containers in AD. In SAV there was a concept of Primary Group and Secondary Groups.
Let me discuss few aspects that may be considered while creating groups :
- Geographically separated locations
- Server OS and Client OS
- Servers 64 bit and Clients 64 bit
- Need specific policy for a group of Clients
- Laptops (Mobile clients).
Benefits :
Geographically separated locations
This could help in defining GUP(Group update provider) which will considerably save bandwidth over WAN.
Server OS and Client OS –
- This helps in differentiating Servers and clients.
- This will help make custom packages for Servers and Clients wherein we can Exclude some not supported features like PTP for Server OS.
Server 64 bit and Clients 64 bit –
- This will help make custom packages for Servers and Clients wherein we can Exclude some not supported features like PTP, Device control.
- It will help in setting up Auto-upgrade for the clients GroupWise (SEPM – Admin – Install Packages – Under Tasks – Upgrade Group with package) by selecting relevant (32/64bit) Install package.
Need specific policy for a group of Clients
This would help in case there is some specific policy need to be applied to a group of clients. Eg. Firewall Policy : Need to block access to some application that uses a specific port, etc. Or may define Antivirus policy to run Full Scan every day.
Laptops (Mobile clients)
This would help to create a Location Specific Policy wherein it would help in Live Update process. If the Laptops are connected to the internal Network, they would take the updates from SEPM and if they are not they can automatically switch the location to get the updates directly from Symantec Website.
Example :
There is an organization abc.com. It has 5 Geographically separated locations. On each location there are 4 Windows Server 2003 32 bit and 50 Clients running on Windows XP SP3. At head office there are additional 10 Clients 64 bit Clients and 2 additional Windows Server 2003 64bit. There are 15 users carrying laptops who are mostly on field.
Create Table :
Structure would then look something like this :
Now you can Decide policies for the groups as required. After that create custom packages for the groups and deploy.
Note : This article is not the standard format, however it can be used to get an idea for planning an organized group structure that would facilitate Policy management and further upgrades if required.
Comments
Planning custom group for SEPM organization
Hello Santosh,
Good One! Hope this will help many in planning SEP implementation.
Cheers,
Rajesh Ramakrishnan
Really Great Work..
Really Great Work.. Should save loads of time for all...
Kedar Mohile http://kedarmohile.blogspot.com
Nice work Santosh C. What
Nice work Santosh C.
What about clustered servers? Do they need to be group in a separately eventhough they are in the same location?
With client and Server OS.. Is SEPM only good for windows based OS?
We could use SAV (non windows) for Mac OS or linux right?
Is this issue being attended by Symantec already?
Thanks...
Nel Ramos
Cluster server guidance from Symantec
Hi Nel,
It is really a good and important question. I would like to give a thumb on that.
You may find this information useful for the clustered environment :-
Cluster server guidance from Symantec
More details are available on : http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008120113202748
---------------------------
Santosh C
http://santoshchandode.blogspot.com/
With client and Server OS.. Is SEPM only good for windows based
For the is Question :
With client and Server OS.. Is SEPM only good for windows based OS?
Please refer to the System Requirements section in Installation Guide.
This provides you the detailed info on that.
You would find teh installation Guide in SEP CD1-Documentation folder.
Link : http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008121812110848 (This is for 11.0.4, Please refer to the SEP 11.0.4202 Documentation in its CD1 also)
-------
Santosh C
http://santoshchandode.blogspot.com/
We could use SAV (non windows) for Mac OS or linux right?
Hi Nel,
We could use SAV (non windows) for Mac OS or linux right?
SAV 10.2 for MAC
Please check SEP CD2 for SAV for Linux
Thanks :)
Santosh C
http://santoshchandode.blogspot.com/
SAV for Mac
...is included as a part of the Multi-Tier bundle (the .dmg file), or as a standalone puchase. :)
http://www.symantec.com/business/products/sysreq.jsp?pcid=pcat_security&pvid=multi_prot_1
(You will need to scroll down to find the Mac and Linux stuff.)
sandra
Symantec Technical Support Engineer, LAM/NAM // SAV/SEP for Mac
Don't forget to mark your thread as 'solved' with the answer that best helped you!
Santhosh, Thanks for the
Santhosh,
Thanks for the information. We are planning to upgrade to SEPM from SAV 10.x version. Is there any full document or PPT which shows the deployment approach which will really help me in implementing SEPM in our organization.
The scenario follows:
Our current infrastructure is having 6 separate geographical location. Each location is having separate Primary SAV Servers and each Primary servers is tagged with around 20 to 30 Secondary SAV Servers. Each Secondary SAV Servers is tagged with 400 to 500 clients.
What is the best way to deploy SEPM in our organization..?
Waiting for your valuable inputs.
Regards,
Prakash
Would you like to reply?
Login or Register to post your comment.