After careful evaluation I've come to the conclusion that my best bet is to not use the UD system at all.
And here's why: (No order of precedence, just what happened to stream out first)
1. Uncooperative Network Design. Here’s what I mean by that. Our Network folks have segmented things by function rather than property-meaning we have linux windows cisco and all other manner of device in each segment all mixed together because they all work together. No (or little) thought was given to dividing up the segment into logical IP ranges per device type; everything is given an IP address because the address was simply unused.
2. The Unmanaged Detectors are essentially crap. They don’t discriminate what they find, if it has an address, it’s listed. Seriously? They can’t just show me the Windows units?
3. The Unmanaged Detectors appear to be “buggy”. Sometimes they list systems that have SEP Client installed fine; sometimes they don’t list the clients that have a corrupt installation; sometimes they list clients that are not online and haven’t been for weeks. The UD is just unreliable.
OK, so if you’ve bothered to read to this point, you can stop now because this is where I start the rant. (unless you’re a Symantec EP product manager)
I think that overall, if clear effort was given to making a UD System that actually worked as one would expect it to work, it would be a nice feature. But…
Symantec is missing the mark on client discovery/installation/repair/reinstallation of the fringe endpoints in the wild. IMHPO, the ability to completely silently, and without reboots, manage the installation conditions and properties of ALL SEP Client endpoints, regardless of where they are, is an absolute MUST HAVE.
The biggest battles I have with SEP are remediating corrupt or bad client installations remotely; especially the clients that exist on the other end of a café or hotel internet connection (not VPN). Luckily, many of our endpoints exist solely in-house and sometimes have the same IP address two days in a row. Our Help Desk can visit those if necessary. But should they have to? Me-thinks not.
The take-away here is that Symantec needs to develop a mechanism to remotely remediate a SEP client malfunction, completely and silently, from the SEP Management Console.
OK, rant over. …and no you can’t charge me therapist fees.