Endpoint Protection

 View Only

  • 1.  Site setup questions

    Posted May 12, 2016 03:33 PM

    I am moving back to SEP and am trying to do something that was relatively simple with other solutions I've used.

    I do not want any management traffic over the WAN between our two physical sites. I have installed SEPM at our primary site and a replication SEPM at our secondary site.

    What is not obvious is if the SEP clients at the remote site are connecting to the local SEPM for management and updates. I've installed SEP on one as a test at the remote site but it is not showing in the local SEPM installation, only on the remote. Or is this one-way replication only?



  • 2.  RE: Site setup questions

    Posted May 12, 2016 03:38 PM

    Did you force a replication to happen? It would only show on the next replication cycle.



  • 3.  RE: Site setup questions

    Posted May 12, 2016 04:57 PM

    Ah, so it will show up when it replicates.

    As far as that secondary site SEP install goes, will it say it's being managed by the secondary site SEPM or will it show it as being managed by our main site? It's currently showing as being managed by our main site but I don't want it to use liveupdate from there, I'd much rather keep it on the local LAN.

     



  • 4.  RE: Site setup questions
    Best Answer

    Posted May 12, 2016 05:02 PM

    The sites are separate from one another with their own DB. They only replicate between the two in case one goes down then it can be managed by the other.

    You need to configure a management server list on each to tell clients which you want them to point to. You can create a LiveUpdate policy so clients only get updates from whichever SEPM it points to.



  • 5.  RE: Site setup questions

    Posted May 12, 2016 05:50 PM

    Brian, thank you.

    I was scratching my head until I googled "management server list" which then pointed me to the Policies screen in SEPM - the Policy Components section was collapsed so of course I didn't see the management list. I had already created site groups in SEPM so all I had to do was right click the Default Management Server List for the site I wanted and apply it to the group I created earlier.

    That was probably harder than it had to be, but I guess I didn't explore the UI enough...

     

    Dan



  • 6.  RE: Site setup questions

    Posted May 12, 2016 06:16 PM

    And as I move along I discovered the location awareness feature so I don't have to duplicate groups. I combined the groups I split manually and used location awareness to set the management server list to the local SEPM at each site.

    For others that wants to do what I'm trying:

    1. Open SEPM

    2. Click the Clients option on the left bar

    3. You'll see the Add Location in the tasks below the group list.

    Once you set that up you can turn group inheritance off for the Communications Settings then apply the site management server list you choose.