Endpoint Protection

Hi,

Our company (X) was recently accquired by another company (Y). We (X) had our own SEP enivronment and the company (Y) that accquired us had their own SEP environment. Both companies SEPMs are running on version 12.1.6. Now the parent company (Y) wants to move all existing SEP endpoints in our (X) environment to their SEPM for consolidation. Our (X) SEPM will subsequently be decomissioned afterwards. What is the best way to achieve this? Also can we (X) import our licenses into their (Y) SEPM for use?

Thanks.

There are two ways you can do this ether do a sylink drop to all the machines to repoint them at the new SEPM using the communications wizard built into the home page of the new SEPM

OR

If the two SEPM's have the ability to replicate set up the old SEPM as a replication partner (if they are on the same version) then update the managment server list to make the new SEPM 1st priority to check into. Then when you are happy all the old clients have checked in and are pointing at the New SEPM you can sipply decomission the old SEPM. 

See below link
https://support.symantec.com/en_US/article.TECH92556.html

Install a new SEPM in either X or Y. 

then initiate a replication between two SEPMs 

Use sylink drop to get the failed ones to the new SEPM, can Decomission the old one once verified.

https://support.symantec.com/en_US/article.TECH92556.html

Hi GeoGeo,

Thanks for very helpful and prompt response. My concern is both SEPMs are currently servicing different domains. One being www.X.xom and another one being www.Y.com. Won't there be any domain specific configuration/parameter in our (X) SEP endpoints that may cause issue when moved to entirely different domain's (Y) SEPM? Also isn't this a security weakness that anyone can drop a sylink file and point existing SEP clients to entirely different SEPM without any sort of authentication check at client's end?

As long as that domain can comunnicate with the new SEPM over the required port then there shouldn't be any issues. An if you follow best practice SEP your SEP clients will be protected by password for dropping the sylink file in. Which when you use the wizard it will ask for as you go through the wizard to drop the new sylink in. If you haven't configured a password thenyes you'll just be able to drop in a sylink file without being promted for a password. 

Being on different domains doesn't matter to SEPM. They just need to communicate over tcp 8014.

Set a password to stop smc

Thank you all for such helpful replies. I will test your suggestions and will update if i was successful or not.

You have the following options -

1. Go to the client deployment wizard and select "communication package" 

2. PUSH DEPLOY this Sylink file to the clients from child company

3. All the clients will then communicate with the new SEPM server

OR

4. You can replicate or create the load balancer to the primary site, giving the priority to the main server

5. When ALL the clients from the child company communicates to the main SEPM (priority 1), decommision the priority 2 SEPM manager 

Here's the article for Configuring a management server list for load balancing - 

https://support.symantec.com/en_US/article.HOWTO81154.html#v8112658

Mark this as solution, if this worked for you.