Endpoint Protection

  • 1.  How to integrate two different SEPM servers into one site

    Broadcom Employee
    Posted Jun 22, 2016 05:54 PM

    Hello,

    One customer has made a recent acquisition and now they have 2 different SEPM servers in 2 different networks. SEPM1 (12.1.5) has about 800 clients, with an embedded database. SEPM2 (12.1.6) has about 2400 clients with SQL on a separate server. What the customer wants is to have one console to view both sites, but they don’t want to move clients from SEPM1 to SEPM2, since they have some network issues. SEPM1 and SEPM2 can be reached by each other with no problem, but they have installed different SLF files.

    Is replication possible even if they don’t have the same license? Should they load both licenses on both SEPM servers?

    Could Protection Server be used? Is this still being offered to customers? Would they have to buy a Protection Server license?

    Any suggestion to try on this will be greatly appreciated.



  • 2.  RE: How to integrate two different SEPM servers into one site

    Posted Jun 22, 2016 06:02 PM

    Go with replication. You can load both licenses. You just need to make sure all your clients are covered. You can create an MSL to keep clients separate.

    https://www.symantec.com/connect/forums/can-you-replicate-between-sql-database-embedded

    What do you mean by protection server?



  • 3.  RE: How to integrate two different SEPM servers into one site

    Broadcom Employee
    Posted Jun 22, 2016 06:12 PM

    Brian,

    Thanks for your note. I'm sorry, I meant Protection Center. Can you elaborate about MSL?



  • 4.  RE: How to integrate two different SEPM servers into one site

    Posted Jun 22, 2016 06:56 PM

    You can configure MSLs to tell the clients to go to a specific SEPM. It's used for load balancing/failover:

    Managed Load Balancing: Setting up Management Server Lists based on locations in Symantec Endpoint Protection Manager.

    Configuring a management server list for load balancing

    SPC went end of life.



  • 5.  RE: How to integrate two different SEPM servers into one site

    Posted Jun 24, 2016 06:29 AM

    I'm afraid it's no simple matter. As these are 2 separate and independent SEPM sites, in order to combine them both into a Single SEPM farm, the DB on one of them will be lost. In terms of a project to allow centralised management of both environments, I'd recommend the below steps:

    1. Pick a Primary SEPM (either one will do, but I'd personally pick the one that manages the most clients, call it SEPM2)
    2. Set up a brand new SEPM in the smaller office as a replication partner to the Primary SEPM (let's call this new one SEPM1B)
    3. Recreate groups and policies in the new SEPM farm to mirror the settings from the smaller site's original SEPM (SEPM1)
    4. Move clients from the smaller site's original SEPM to the new replication partner SEPM in the same office (SEPM1 -> SEPM1B)

    The reason for this is that setting up replication requires mirroring a DB from one SEPM to another, which means wiping out the destination SEPM's database (losing all config).

    Doing it the way I've described above means you will arrive at a stage where you have the new SEPM (SEPM1B) ready to go, and can migrate clients across to it in a controlled and staged manner, as well as leaving the old SEPM (SEPM1) handy in case you need to move back.

    The intricacies of the above can be found in the below articles:

    Replication:

    http://www.symantec.com/docs/TECH93107

    http://www.symantec.com/docs/TECH105928

    http://www.symantec.com/docs/TECH91509

    http://www.symantec.com/docs/HOWTO81029

    http://www.symantec.com/docs/TECH95122 (just in case the DB is huge)

     

    Move clients from one SEPM to another (Step 4):

    http://www.symantec.com/docs/HOWTO81116 (you need the MSL from SEPM2B)

    http://www.symantec.com/docs/HOWTO81111

    http://www.symantec.com/docs/HOWTO80762

    http://www.symantec.com/docs/HOWTO81109

    http://www.symantec.com/docs/HOWTO81179

    https://www.symantec.com/connect/forums/how-change-sylink-client-using-snac-1215

    https://www.symantec.com/connect/forums/need-make-unmanaged-client-managed-client-must-be-done-remotely

    https://www.symantec.com/connect/forums/sep-1107-sepm-1212-communication-update-package-fails

     

    In terms of licensing, the SEPM farm (SEPM2 and SEPM1B) should have both licenses installed on it (licenses are automatically replicated across both so you only need to do this on one). The licenses on SEPM1 can be left where they are. As long as the total number of endpoints does not exceed the total number of endpoint licenses, you should be fine from a license perspective.

    Alternatively, you can get in touch with a Symantec partner (like ourselves) for PS to perform this sort of migration for your customer.