Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SVA vs SEPM Groups

ℬrίαη

ℬrίαηJan 21, 2014 10:18 AM

Ditto. Keep us updated
ℬrίαη

ℬrίαηJan 21, 2014 10:31 AM

That was fast

  • 1.  SVA vs SEPM Groups

    Posted Jan 21, 2014 08:22 AM

    In the SEP 12,1 guide, it is mentioned to

    "export the communication settings file from the client group that you plan to use for your Guest Virtual Machines (GVMs)".

    But what will happen if the GVMs of one ESXi host are in multiple SEPM groups. Or even, if one group has GVMs from multiple ESXi?!

    Will it work to have one SEPM groups for all SVA clients?!



  • 2.  RE: SVA vs SEPM Groups

    Posted Jan 21, 2014 08:24 AM

    Each SEP client is separate so you would need to replace the sylink on each one from each different group.



  • 3.  RE: SVA vs SEPM Groups

    Trusted Advisor
    Posted Jan 21, 2014 08:51 AM

    If your looking at a small amount of machines you create a temporary group to export from then as machines drop into the group manaually move them to the group you want where they will pick up the polocies of that group. 

    If there is a large amount of machines could create a basic package and use a script to stop the client and drop in the required sylink to the group it requires then start the client 



  • 4.  RE: SVA vs SEPM Groups

    Posted Jan 21, 2014 08:56 AM

    Guys,

    You know I am talking about SVA, not SEP client?!



  • 5.  RE: SVA vs SEPM Groups

    Trusted Advisor


  • 6.  RE: SVA vs SEPM Groups

    Posted Jan 21, 2014 09:27 AM

    I think you're going to need a Symantec guy to answer this one for you, but I personally don't see how the preferred-group setting in a sylink file would make much difference to the SVA.  I'd guess that the sylink file is used more for the PUSH/PULL, heartbeat interval, SEPM info and cert more than the actual group name itself.



  • 7.  RE: SVA vs SEPM Groups

    Posted Jan 21, 2014 09:32 AM

    It will be a nightmare if it used with the prefered-group. And useless to utilize. I don't want to group SEP clients based on ESXi hosts.



  • 8.  RE: SVA vs SEPM Groups

    Posted Jan 21, 2014 09:38 AM

    Ya, I agree that it wouldn't make sense.

    Perhaps PM/email one of the SEP guys?  Please let us know if you receive an answer outside fo this thread.  I'd be curious to find out the answer to this particular question.



  • 9.  RE: SVA vs SEPM Groups

    Posted Jan 21, 2014 09:42 AM

    There seems to be either a lack of or dis-information regarding this particular technology but I agree with SMLatCST, let's see if Symantec checks in with an answer on this.



  • 10.  RE: SVA vs SEPM Groups

    Posted Jan 21, 2014 10:17 AM

    I just did open a case with Symantec. I am curious to know if Symantec tech support actual have experience with SVA.



  • 11.  RE: SVA vs SEPM Groups

    Posted Jan 21, 2014 10:18 AM

    Ditto. Keep us updated wink



  • 12.  RE: SVA vs SEPM Groups

    Posted Jan 21, 2014 10:29 AM

    I got the solution from Symantec

    "The Sylink file that it has you export when preparing to install the SVA is solely to tell the SVA which SEPM it should report into, that's it. The SVA itself won't go into any group, it just uses that file for the communication settings and key for communicating with the SEPM. Your virtual machines running on that ESX server don't have to be in any specific group but they will need to be configured to use that SVA so they would need to be going to either the same SEPM as the SVA or one that is replicating with it. You wouldn't want to send them to a completely separate SEPM environment as your SVA can only be in one SEPM environment."



  • 13.  RE: SVA vs SEPM Groups

    Posted Jan 21, 2014 10:31 AM

    That was fast cool



  • 14.  RE: SVA vs SEPM Groups

    Posted May 15, 2014 04:03 PM

    Hmmm, our setup hasn't been working one lick since day one over a year ago. Cant make anything communicate with anything, except if an SVA does go down, I sure get an alert.

    So, this post leads me to this question, and may be I misunderstand what's being said - here's the part I am keying in on -
    >> The SVA itself won't go into any group, it just uses that file for the communication settings and key for communicating with the SEPM. Your virtual machines running on that ESX server don't have to be in any specific group but they will need to be configured to use that SVA so they would need to be going to either the same SEPM as the SVA or one that is replicating with it<<

    OK, we have two SEPM servers. The clients can talk to either, and may move about. They are in the same place, same building, on the same subnet. The SEPM servers exist as two so that if one dies I can still maintain some control and we're not totally lost with nothing.
    So, 300 client computers in a half dozen groups, let's say for now. TWO SEPM servers. Clients mix and mingle at this point as far as SEPM server.

    TWO hosts, one SVA installed to each VM host. They say they are up and I get an alert if either goes dark. BUT, the SEPM console reports in the sva column - and always has, unknown or even not applicable. I can understand the latter for physical machines, but it states that for ALL computers, even VDI desktops with SEP running. Right now I see two test lab computers in the same SEP group, a VDI group in SEP. They are cloned desktops from the same gold image - yet one status is unknown and the other is not applicable!

    The clients have never shown a specific SVA, and the SVA never shows any connections or stats.

    Then the secocnd part of the quote from Yahya - "communication settings and key". What does this mean if a SEPM server is upgraded from one SEPM build to another, or one is totally recreated? Does that kill the "key" ? Does it mean that the SVA can't work because the "key" has changed?

    What is meant by "key" ? And can things be changed once the SVA is created and running or must one trash it and start all over again any time you change any little thing in SEP or the SEPM?

    Thanks.