Endpoint Protection

We have an installation of SEPM on a server in our Boston office and have several remote offices around the country (Texas, Arizona, etc).

I have found how to create and deploy the setup.exe files via a remote server's IIS capabilites but have not found how I can configure the local installations to pull the policy updates, etc. from the remote servers.  I am assuming it would be a similar process, but I have not located the "how to"...

Anyone with "remote server" experience that can point me in the right direction?

Many thanks!

Once the installation is complete;

the client will report to a group; you can then change the lIveudpate policy and configure where it should get the updates from

or when exporting a package you can select the group from where policies should be exported.

http://www.symantec.com/business/support/index?page=content&id=TECH102467

Rafeeq - How do I configure\install the updates on the remote server?   That is my confusion.

Thank you

There's no simple way to, say, have the Boston SEPM manage clients who are getting policies from somewhere else.

Policies will come from, and logs will be sent up to the SEPM the client reports to.  There's no way...at least currently...to provide some sort of "proxy" for them to be downloaded, like we do with definitions and GUPs.

You COULD set up SEPMs in Texas and Arizona, have the clients in those states report to the appropriate SEPM, then have replication enabled so that the data from the Texas and Arizona SEPMs gets sent up to the SEPM in Boston.

A better question, I think, would be "why do you want to do this?"  Typically, when things like this are asked, I've found that it's due to limitations that are trying to be worked around which, if known up front, would help us better to offer suggestions.  If, for example, the underlying issue is that there are very small WAN links between the remote sites and Boston, having SEPMs at those remote sites trying to replicate up would be, at best, painful.

Can you offer further clarification?  Is there some issue in your environment, or is this a "hey, I wonder if I can do this..." sort of question?

Chris - To answer the "why", it is due to bandwidth issues...   When the remote PCS pull down updates, the bandwidth between AZ and Boston gets pinged badly...

I was hoping we could create satelite "sites" that dispersed their own updates.

Does that help answer the "why?"

If you have multiple sites ; then better to have Liveupdate Administrator installed and configure your SEPM to get updates from that.A good article on that!!

http://www.symantec.com/connect/videos/install-lua-live-update-administrator-and-configure-symantec-endpoint-protection

The amount of logs sent up to the SEPM is relatively small...we're talking around 5k-ish or so...per client.  Policies as well are tiny.

What you really want to do is install GUPs at your remote sites.  With a GUP in place, you'll have *one* machine reaching across the WAN for updates.  The GUP will also cache the updates, so if Computer A needs an update and the GUP has to cross the WAN to get it, it will have it for when Computer B requests it...so there's no additional WAN traffic.  Assuming you're running the latest version of SEP (11.0.6300), you should be fine.  If you've got previous versions, you might want to consider upgrading to 11.0.6300.

This document will give you a little more information about GUPs, and has a link to a scaling document at the bottom:

http://www.symantec.com/business/support/index?page=content&id=TECH93813

A BIG Thanks to both Chris and Rafeeq.

Giving that my experience is very limited, any suggestions as to where I should look to come up to speed on GUPs?  I just read the link Chris provided and it looks like that solution may work for us.  However, I am not exactly sure how to go about configuring GUPs.

Figured I would post the question while I go try to figure it out in case there's a link or two that spells it out.

Thanks again!  Great forum!!!

Tom, take a look at the administration guide PDF in the documentation folder on the install DVD you've downloaded.  Page 147 is where you can get information about installing and configuring the GUP.