Video Screencast Help

Location, Location Awareness, and Managment Server List

Created: 04 Feb 2013 • Updated: 04 Feb 2013 | 8 comments
This issue has been solved. See solution.

hello,

I am tasked to update/upgrade my company's Endpoint Protection from 11.x to 12.x

We have a corporate office, and 30 remote sites.

I plan to have a SEPM server at each location.

I am currently testing 12.x in our test network.

What I want to do, and I am looking for help with, is setting up a server management list for each site, and location logic for each site. So that is a client is in a range of IP addresses for a location, they will look to that local management server for updates and defs, without having updates and defs pushed over the WAN.

I have found many documents, and “how to’s” and I think I have this setup correctly, but in testing, I have clients that aren’t using the server management list, the location logic should make them us, if I have this setup correctly.

If I can get direction as to where to look or what to check to verify I have set this up correctly, or a link to a good “how to” I may not have found yet, that would be great.

If I need to give more information, ask

Thanks in advance

Comments 8 CommentsJump to latest comment

.Brian's picture

Did you configure the MSL?

 

Configuring a management server list

Article:HOWTO81154  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO81154

 

Assigning a management server list to a group and location

Article:HOWTO80735  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO80735

 

Also, is there a reason you need 30 SEPMs? That is very excessive. You can put one SEPM in your corporate office and configure GUPs at each location to provide content updates. This will minimise bandwidth issues signiifcantly. Plus, you than only need to login in to 1 SEPM and have a full view over everything in one central console.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

And the clients have taken the latest policy than?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

13thvictor's picture

and Brian81

your suggestion about using GUPs at remote locations, this will update client software too? not just defs?

if so that may be a better option

if I went with GUPs at remote sites, and not a full SEPM install, how do I confugure clients to update from the GUP...it would be with a server managment list then, correct?

.Brian's picture

GUPs only provide content updates at this time. They cannot provide software updates.

You will need to create a LiveUpdate policy to define the GUP. Than create locations so each client detects what location they're in and be able to update from the local GUP.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

GUP can not provide software update, It can provide only contents.

Go through the following articles to know how you can setup the location awareness policies.

How to create Out Of Office Locations Rule

http://www.symantec.com/connect/articles/how-creat...

Configure client to take liveupdate from Group update provider of specific location.

http://www.symantec.com/connect/articles/configure...

Location Awareness using Multiple Management Server Lists

http://www.symantec.com/connect/articles/location-...

You can refer this video as well:

Configuring Location Awareness In SEPM Console

http://www.symantec.com/connect/videos/location-aw...

Location Awareness:

Symantec does not recommend more than seven (7) locations per group when using Location Awareness as this can affect the execution time on how long it takes the SEP client to process and ultimately connect to a valid location where all conditions have been met.

Go through the following articles:

Best Practices for Symantec Endpoint Protection Location Awareness

http://www.symantec.com/business/support/index?pag...

Location Awareness Logic

http://www.symantec.com/business/support/index?pag...

Defining DNS queries based on location

http://www.symantec.com/docs/HOWTO55164

Management Server List:

Configuring a management server list

http://www.symantec.com/docs/HOWTO81154

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

SMLatCST's picture

My two pence wink

Don't do replication if you can avoid it.  If it must be used, keep the number of sites to a minimum (recommended is less than 5 and definitely no more than 10:
http://www.symantec.com/docs/TECH92051

If no longer replicating, then you can likely do away with the need for location awareness (as all the clients will be contacting the same server).

Use Explicit or Multiple GUPs for distributing definitions.  These are LiveUpdate policy options that allow a client to choose a GUP depending on its subnet (i.e. if I'm in the same subnet as the GUP, or in this particular subnet, then use this GUP):
http://www.symantec.com/docs/HOWTO80957
http://www.symantec.com/docs/TECH198702

And finally, to help push client upgrades, you could spin up a webserver on each office, copy an install package across overnight, and point each of your offices at their respective local repository:
http://www.symantec.com/docs/TECH106181
http://www.symantec.com/docs/TECH97406
http://www.symantec.com/docs/TECH96873

This kinda all assumes you have a central location to host the SEPM that has sufficient links to your various offices...

SOLUTION
13thvictor's picture

I am marking SMLatCST post as the solution

 

thanks very much all for the input

 

I think deploying as SMLatCST suggests will be the best option