Endpoint Protection

Hello-

I have 5 seperate offices I support, and I have an SEP Manager in each of them.  Each are stand alone.  After upgrading the install in my office, I notice it now tracks licenses.  This makes me think I should link all 5 sites together, so they are all aware of the licenses, rather than updating licenses in each manager and even simplify policy deployment. 

Is it possible to take this existing infrastructure and set up each deployment as a connected site?  Or would I have to uninstall the manager in the other offices, install the matching version and during the install, connect it to the main site? 

My other sites really don't have many managed clients, but I'd really like to get them managed and start deploying upgraded clients (most are still on v11.0.5).  So if I have to remove the manager, this is the time to do it.

I know this probably deserves a seperate topic, but for a policy group in SEPM, is it possible to set up multiple install packages, one for 32 and one for 64 bit?  Or do I have to create seperate groups, based on OS bits? 

Thanks,
Joel

Yes, You can be manage Remote location SEP client to Main Location ....

You can auto upgrade 32 bit to 64 bit

You can assign a 32-bit and 64-bit package to the same group when you do an auto-upgrade and both clients will automatically upgrade. You don't have to create separate groups for 32-bit and 64-bit clients.

Client Deployment Wizard Overview

https://www-secure.symantec.com/connect/articles/client-deployment-wizard-overview

I would probably stick a SEPM at your main site and have all clients report back in to it. To deal with content updates, you can add a GUP at each location to handle this and save on bandwidth across the WAN.

So in this case do you still need to have LUA server to distribute the download across to each SEPM server in each sites ?

Hello,

SEP 11.x does not require a Software license. It requires a Paper License.

Check this Article below:

Does Symantec Endpoint Protection 11.0 require a license file?

http://www.symantec.com/business/support/index?page=content&id=TECH103025

It is the SEP version 12.1, which requires the Software License.

Secondly, I would agree with Brian's Suggestion. Stick to 1 SEPM at your main site and have all clients report back in to it and implement the Article below:

How To Optimize Endpoint Protection for Branch Offices using GUPs, Load Balancing, and Location Awareness

http://www.symantec.com/docs/TECH94122

Also, check this Thread: https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-management-multi-site-setup

Again, I would recommend you to make sure you migrate the SEP 11.0.5002 to the Latest version of SEP 11.0.7101 and above. Check this:

About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

http://www.symantec.com/business/support/index?page=content&id=TECH131660

Hope that helps!!

This is most helpful.  I didn't know about GUPs.  I'll look into implementing these, create groups in SEPM in our main office for each branch, then get my clients moved over.  So far, the other offices Terminal Servers are really the only clients being managed, so that I could lock down the client so users can't disable protection on the TS!  I assume once I've got the groups and polices and GUPs configured, i would simply use sylinkdrop.exe to move the client to the new manager. 

As part of this move to managed clients, I will have my groups set to deploy the upgraded client.  I'm a bit behind on client versions because I didn't have this all set up for an easy push.  With groups, I can see I can better manage versions, which is the motivating factor in getting groups set up. 

Excuse me for asking what might be a dumb question.  But how do you install a GUP?  I'm looking through the implementation guide and I see 1 hit.  It talks about setting up a live update server.  I assume this is a Live Update Administration machine.  Just as I was getting comfortable with SEP, this throws me.  Tech article TECH94122 talks all about GUP, but doesn't tell you how you implement the machine that is going to host it, just! 

In  your LiveUpdate policy, there is an option to make a machine a GUP. Every SEP client can be a GUP, there is no install needed for a GUP.

Hello,

I would says check these - 

TRAINING:

Amazing Video’s created on Group Update Provider on the Symantec Connect website.

https://www-secure.symantec.com/connect/videos/group-update-providers-part-1

https://www-secure.symantec.com/connect/videos/group-update-providers-part-2

Here is the Information on "Group Update Provider in MR5 and Above" ========================================================

1) New features and functionality in Symantec Endpoint Protection Release Update 5 (SEP RU 5) Group Update Provider (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH96417

2) Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH93813&locale=en_US

3) Configuring the Group Update Provider (GUP) in Symantec Endpoint Protection 11.0 RU5

http://www.symantec.com/business/support/index?page=content&id=TECH96419&locale=en_US

4) How to locate the Group Update Provider (GUP) list in Symantec Endpoint Protection 11.0 RU5

http://www.symantec.com/business/support/index?page=content&id=TECH96277&locale=en_US

5) How to search for the clients that act as Group Update Providers ?

http://www.symantec.com/business/support/index?page=content&id=TECH96094&locale=en_US

Hope that helps!!