Endpoint Protection

Hello


My employer's topology has a main site with over 500 clients, a secondary site over 100 clients which only has a T1 WAN circuit, and another site with 75 clients over a 512k WAN circuit. 

Now, can I perform a client push from a GUP? If not, whats the configuration required to have 3 SEPMs (1 on the main site, two on the other smaller remote sites) in order to have them manage their local clients and replicate stats to the SEPM at the main site which will be the MAIN server?

Thanks!

Jay

You cannot push clients from a GUP, those are for content updates only. 

What you want here is Load Balancing, although this will probably require more bandwidth that you want to use as this will copy the database over your WAN link.

You can use your GUPs to push client installs *if* you used the ClientRemote tool:

1) Copy your client install set(s) to your GUP(s)
2) Grab the ClientRemote tool from CD2 (in the Tools\PushDeploymentWizard) folder

This works pretty much the same as the Migration and Deployment Wizard installed on the SEPM.

why not use "remote deployment" wizard on CD2 and copy this as well as a package to remote site and rdp to the server where you've copied the package and "remote deployment wizard" to and just do a roll out on the remote site that way...
hope this is what you were looking for...

Justin/Gino, thanks for your help.  I'll use the remote deployment on CD2 in order to push locally on those sites. 

---

Thomas,

I reviewed the article and I modified my settings accordingly.  Now, will this make the computers from each site to report to their respective SEPM instead of the MAIN SITE's SEPM?  Example, if I log into a remote site SEPM, (correct me if i'm wrong) I believe that computers that are being reported directly to it will have the green dot next to the computer name and are communicating/being managed by that specific SEPM (meaning that heartbeats and content update).

I know that the quantity of PCs per site does not require me to have a SEPM on each, but the lack of bandwidth on each site obligates to minimize all communication to the main site's SEPM and have site SEPM's handle all heartbeats locally. 

Thanks again!

J

Go through this article once
Tips For Installing SEP In A Low Bandwidth Environment

AravindKM,

Went trough the article before I posted here and followed all instructions.  As for today,  some computers are reporting to their respective site SEPM but not all, even after Update Content command was successfully issued.

GUP's have been defined on each WAN site since but still some clients are getting data off the main SEPM server even tough clients are checking in on a daily basis.

Is there a way to force clients to report to their respective SEPM's?

Create separate groups for each location ,assign the corresponding server management list.Move the clients to respective group.

Groups have been defined since day 1.  I can say that 75% of the clients are checking into their respective servers, but some "rogue" clients are still checking into the main SEPM, even though they have been on the same group where 75 out of 100 clients are checking into their site's SEPM. 

I've been wanting those particular clients to change from the red arrow to the green dot and viceversa. Those clients have been on that group for weeks and still report to the main SEPM instead of their site's as the rest of the clients do.



.

Take a copy of SerDef.dat and sylink.xml from a working PC.It will be under C:\Program Files\Symantec\Symantec Endpoint Protection folder.Move these original files along with its backup files from the problematic client(You have to stop smc service by using smc -stop command before doing this.)Put the new files in problematic pc in C:\Program Files\Symantec\Symantec Endpoint Protection then start SMC service(smc -start command).

Excellent.  I tried this on some clients and it fixed the issue.


THANK YOU!