Symantec Management Platform (Notification Server)

I have a few basic questions about implementing CEM (Cloud Enabled Management). I have a few dozen clients of the 3000 or so I have that I want to manage through CEM. The rest already have the NS 7.5 client installed and are working fine. I want to enable the few dozen clients with the minimum of effort and change and the documentation doesn;t make it clear what the architecture options actually are :-

- Do I need to have all my clients using https communication or can I have just those connecting through the cloud using this?

- I have site servers, but am happy to have the cloud based machines talking directly to the NS or a specific site server. How do I achieve this or do I have to enable all site servers to use https: and be cloud enabled regardless?  Can the gateway machine be a site server?

- What is the most minimum configuration I have to go through to set this up, If I can avoid major changes to all the rest of the client/site server setup the happier I will be.

Unfortunately the documentation seems to be designed for citicorp or american express and not the small organistions that make up the bulk of business!!

If anyone can help I'd really appreciate it - and thanks in advance!

Steve

Hi smassie,

1) smassie: Do I need to have all my clients using https communication or can I have just those connecting through the cloud using this?

IP: It depends on your policies/security, whether you're using a HTTP or HTTPs in your corporate network, but HTTPs is requirement for CEM clients. If you will use mixed mode HTTP and HTTPs, then there should be correct Targeted Agent Settings created, etc.

• You can read this thread about similar question: https://www-secure.symantec.com/connect/forums/error-generating-cloud-based-agent-failed-generate-package-https-ns-base-url-must-be-used-int

2) smassie: I have site servers, but am happy to have the cloud based machines talking directly to the NS or a specific site server. How do I achieve this or do I have to enable all site servers to use https: and be cloud enabled regardless?  Can the gateway machine be a site server?

IP: It depends on what is current load in your environment, otherwise how much managed endpoints and remote Site Servers there. If you see that your current Site Servers are successfully serving all these managed endpoints, then you can set these Site Servers to serve CEM clients as well as intranet clients.

Set HTTPs binding on appropriate Site Server(s) to make possible to publish PS HTTPs codebases for CEM Clients as well as for HTTPs communication of Task Server and Client Task Agents through CEM Gateway and after add these Site Server(s) in CEM Gateway Site Server list. After all you will need to set appropriate assignments on Site Server Management page for these Site Servers.

I don't think that this is a good idea to set CEM Gateway as Site Server.

• You can read some information from this thread: https://www-secure.symantec.com/connect/forums/71-75x-upgrade-path-cem

Thanks,

IP.

Many thanks IP... We'll give it a go!

Also you can use information from these CEM articles for further cases:

• https://www-secure.symantec.com/connect/articles/how-install-cem-functionality-smp-75-sp1
• https://www-secure.symantec.com/connect/articles/about-different-cases-troubleshooting-cem-functionality

I will reply inline below with bold comments...

I have a few basic questions about implementing CEM (Cloud Enabled Management). I have a few dozen clients of the 3000 or so I have that I want to manage through CEM. The rest already have the NS 7.5 client installed and are working fine. I want to enable the few dozen clients with the minimum of effort and change and the documentation doesn;t make it clear what the architecture options actually are :-

- Do I need to have all my clients using https communication or can I have just those connecting through the cloud using this?

I use targeted agent settings to carve out another group of computers to communicate via HTTPS, unless you installed ITMS and selected "Require SSL", which means the environment is 100% SSL required.

- I have site servers, but am happy to have the cloud based machines talking directly to the NS or a specific site server. How do I achieve this or do I have to enable all site servers to use https: and be cloud enabled regardless?  Can the gateway machine be a site server?

You need to publish HTTPS codebase of course. I have created a site server with package service/task service on it, and assigned it to the Internet Site in Settings -> Notification Server -> Site Server Settings. 

You typically don't want your NS to be a PS, it will duplicate the packages and cause unnecessary disk space to be consumed. You will need the SS that is your internet site server to have a certificate bound to the respective port, and the proper SSL certificate selected. I typically have everything in the CEM environment using SSL, including the CEM SS.

- What is the most minimum configuration I have to go through to set this up, If I can avoid major changes to all the rest of the client/site server setup the happier I will be.

I am going to create a video on this and have my employer host it. I should complete this in the next day or two. It will hopefully answer the question, "how do I bolt on CEM?" I will post this link when it is up.

Unfortunately the documentation seems to be designed for citicorp or american express and not the small organistions that make up the bulk of business!!

If anyone can help I'd really appreciate it - and thanks in advance!

Steve