spacer
Support - Platinum Support
tab end BCS Web Site divider MySupport divider Log Out navbar end
navbar end home symantec alerting service security center knowledge base navbar end
spacer
BCS Knowledge Base

spacer
spacer

Rate This Document
1x3 spacer
1x1 spacer

print this documentDocument ID:2007123110045548
Last Modified:11/16/2009

Creating and assigning a management server list for a Symantec Endpoint Protection Manager

Situation:You have multiple SEPM systems in your environment and wish the clients to communicate only to specific ones

Solution:Adding a management server list

If your enterprise has multiple Symantec Endpoint Protection Managers, you can create a customized management server list. The management server list specifies the order in which clients in a particular group connect. Clients and optional Enforcers first try to connect to Symantec Endpoint Protection Managers that have been added with the highest priority. If Symantec Endpoint Protection Managers with the highest priority are not available, then clients and optional Enforcers try to connect to management servers with the next higher priority. A default management server list is automatically created for each site. All available Symantec Endpoint Protection Managers at that site are added to the default management server list with the same priority.

If you add multiple Symantec Endpoint Protection Managers at the same priority, then clients and optional Enforcers can connect to any of the Symantec Endpoint Protection Managers. Clients automatically balance the load between available Symantec Endpoint Protection Managers at that priority. You can use HTTPS protocol rather than the default HTTP for communication. If you want to secure communication further, you can customize the HTTP and HTTPS port numbers by creating a customized management server list. However, you must customize the ports before clients are installed or else the client-to-management server communication is lost. If you update the version of the Symantec Endpoint Protection Manager, you must remember to re-customize the ports so that the clients can resume communication.

After you add a new management server list, you must assign it to a specific group or location or both.

See the "Assigning a management server list to a group and location" section below.

To add a management server list:

  1. In the Symantec Endpoint Protection Manager console, click Policies.
  2. In the Policies page, under View Policies, click Policy Components > Management Server Lists
  3. In the Policies page, under Tasks, click Add a Management Server List .
  4. In the Management Server Lists dialog, type the name of the management server list that you want to add in the Name box.
  5. In the Management Server Lists dialog, type the optional description of the management server list that you want to add in the Description box.
  6. In the Management Server Lists dialog, click Add. Setting up connections between management servers and clients or optional enforcers.
  7. In the Add a Server dialog, type the IP address or host name of the management server in the Server address box.
  8. In the Add a Server dialog, select the type of protocol that you want to use for communication between the clients, optional Enforcers, and Symantec Endpoint Protection Managers:
    • Use HTTP protocol: The default setting is Use HTTP protocol
    • Use HTTPS protocol: Use this option if you want Symantec Endpoint Protection Managers to communicate by using HTTPS and if the server is running Secure Sockets Layer (SSL).
  9. If you require verification of a certificate with a trusted third-party certificate authority, check 'Verify certificate when using HTTPS protocol'
  10. In the Management Server Lists dialog, click Add and select New Priority. A new priority is created.
  11. Repeat step 10 for as many additional priorities as you need to add.
  12. In the Management Server dialog, under Management Servers, select the priority to which you want to add an IP address or host name of a management server.
  13. In the Management Server Lists dialog, click Add and select New server.
  14. In the Add Management Server dialog, type the IP address or host name of the Symantec Endpoint Protection Manager in the Server address box.
  15. If you want to change the default port number for the HTTP protocol, check Customize HTTP port number. If you customize the HTTP port number after client deployment, clients lose communication with the Symantec Endpoint Protection Manager.
  16. Type the number of the port that you want to use. The default port number for the HTTP protocol is 8014.
  17. If you want to change the default port number for the HTTPS protocol, check Customize HTTPS port number. The default port number for the HTTPS protocol is 443. If you customize the HTTPS port number after client deployment, clients lose communication with the Symantec Endpoint Protection Manager.
  18. Repeat steps 13 through 17 for as many times as you need for each priority that you select. Setting up connections between management servers and clients or optional enforcers.
  19. In the Add Management Server dialog, click OK.
  20. In the Management Server Lists dialog, click OK.

Assigning a management server list to a group and location

After you add a policy, you need to assign it to a group or a location or both. Otherwise the management server list is not effective. You must have finished adding or editing a management server list before you can assign the list.

To assign a management server list to a group and location:

  1. In the Symantec Endpoint Protection Manager console, click Policies .
  2. In the Policies page, under View Policies, click Policy Components > Management Server Lists.
  3. In the Policies page, under Tasks, click Assign the list.
  4. In the Apply Management server list, check the groups and locations to which you want to apply the management server list.
  5. Click Assign.
  6. When you are prompted, click Yes.


References:To learn more about management servers please review Chapter 8 "Setting up connections between management servers and clients" in the Administration_guide.pdf.

print this documentDocument ID:2007123110045548
Last Modified:11/16/2009


rate this document
Does this document answer your question?
Yes
No
Maybe, need to test
None of the above
Is this document well written and easy to use?
Submit specific suggestions to improve the quality of this document.


Product(s): Endpoint Protection 11
Operating Systems(s): Windows 2000 Professional, Windows 2000 Server/Advanced Server, Windows XP Professional Edition, Windows Server 2003 Web/Standard/Enterprise/Datacenter Edition
Date Created: 12/31/2007

  © 1995-2014 Symantec Corporation. All rights reserved. feedback | legal notices | privacy policy