A customer has purchased a hosted SEPM with public facing IP at a cloud service provider. The customer has 3 sites of which, 2 will require a GUP (200+ users) . How does one configure a GUP to talk back to the hosted SEPM if the GUP has an internal IP address? Can this be done? If so, what needs to be
done at customer and what needs to be done at cloud service provider?
The GUP talks to the hosted SEPM the same as any other SEP client in the estate. This typically just involves:
Obviously, it's recommended to enable and use HTTPS comms on this external SEPM, and to lock down console access.
Essentially, there's nothing really different in hosting a SEPM externally to having it placed inside your network. The client heartbeats all use their sylink.xml files to determine how they should contact the SEPM (name/IP address/etc), and after that it's just making sure the client can resolve the name, and route to the IP address over the port defined. Nothing special is required for the GUPs either, as they grab defs from the SEPM over the same heartbeat port, and the GUP port is used between the other SEP clients and the GUP, which is usually internal to your network.