Symantec Endpoint 12 not compatible with Virtual Desktops due to Licensing
SEPM 12 is telling me that I have over 1300 clients deployed. This isn't even close to right. I contacted support, and the problem is that I am using Virtual Desktops and Symantec new licesning enforcement is not compatible with VDI. Specifically, each time my XenDesktop PCs using a standard image (aka golden image) reboots, it takes a new license.
So if I have 400 virtual desktops that are standard image, and they reboot 3 times in a day (3 shifts) then they take up 1200 licenses.
The short term fix from Symantec Support was to set my purge to purge unconnected desktops after 24 hours. That was fine when I had 100 Virtual Desktops. As the number of these virtual desktops have increase, I am unable to keep Symantec Licensing happy. The end result is that these clients are running antivirus pattern files from the date they were created (a month or more ago) and refuse to update.
Support said to (hope) for a fix in the next version. I have upgraded to 12.1.1000 and the fix is not there.
I'm currently moving away from Symantec Endpoint Protection since there is no fix for this bug and I have to resolve this issue. I have 10 months left in my SEP Enterprise license.
I'm posting this in the hopes that someone else can step up to the plate and help me out.
Comments
This might be what you're
This might be what you're looking for...
http://www.symantec.com/docs/TECH123419
I'm aware of that document.
I'm aware of that document. It doesn't help. I'm doing things in there. I run the ClientSideClonePrepTool.exe specified. I run it every time I update the image, as the last thing before I shut it down and clone it.
The license problem continues.
Are these clients configured
Are these clients configured as user mode?
No. Computer mode, Active
No. Computer mode, Active Directory intigrated.
Hi PrimeInc, Are you running
Hi PrimeInc,
Are you running the Small Business version of SEP12? If you are not, then the clients should NOT stop updating just because you are overdeployed.
With SEP12.1 RU1, we moved the purging ability to the domain level, so customers can now create a domain specifically for their VDI clients that purges more regularly than the other clients. Is this perfect? No, not by any means. Are we still working on a much better solution? Yes, we are.
Regardless of this though, your clients should ALWAYS get content updates if you are using the enterprise product.
If you want to PM me, lets talk offline - we may be able to sort out someting with your licensing.
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
I have upgraded to RU1. How
I have upgraded to RU1. How do I purge per the domain level? I'm not really sure I understand. I have a single Active Directory domain, however my VDI's are being LDAP synced seperately from my other computers.
If I could purge out just my VDI's daily, this does help.
I am using the enterprise product. I have seen where it says license is in warning, and that so many PCs are not protected with RU1. I can click that number and it shows me which ones are not protected. I thought those were also showing older antivirus pattern files. I've slept since then so I could be mistaken.
I still have the issue that with 725 licenses and 400 standard image virtual machines and purging occuring every 24 hours that a few reboots of the virtual machines and I'm well over the 725 count. If a PC was reboot at 23:01, purge runs at 24:00, that instance will take a license for 48 hours since it was seen within the last 24 hours.
If you click Admin, Domains
If you click Admin, Domains in the SEPM, you will see a list of SEPM domains (these are not Windows domains) - you will probably have a single domain listed. What you could do is to create a new domain in here to host your VDI clients. You can then configure purging for this domain at 1 day and reset your normal domain purging to 30 days or whatever you prefer.
The clients would need to be moved into the seperate domain, and you can then apply a totally different set of policies and managemetn structure to them, the easiest way to move the clients would be to change the installation package on your VDI gold image.
As it is today, the licensing piece should be soft, it will say you are overdeployed, but the machines will continue to update and work perfectly normally
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
If you make the change to an
If you make the change to an existing domain, how long does it take for the change to take place? Is there any update on when this maybe fixed in a future release?
Hi Paul, I am running into
Hi Paul,
I am running into the same licensing issues as the OP. How do I configure the purges as you suggest? I have created a second domain in the Domains tab called "VDI Clients" for example. I go to Servers tab then Localhost and set the Database properties to delete clients after X days. The reason I ask is because when I go back to administer the primary domain and check the database properties it is also set to X days. These should be different, no? Or am I looking in the wrong place?
Would you like to reply?
Login or Register to post your comment.