Endpoint Protection

Hi

We having two different network segments having there separate Symantec endpoint protection environment running, (Both not connected each). Having there own SEPM servers to manage individual Symantec clients on there network. 

Now both network segments going merge (can access each other network). 

We want now keep single mangament Symantec endpoint protection (may adding multiple SEPM Servers for load sharing) .

My Question.

1. What will be easilest way bring clients into single environment without reinstalling client (as nos of client are far more)
2. Also these enviroment using different version of Symante endpoint (11 & 12.1)

Thanks 

Narsinh

1. What will be easilest way bring clients into single environment without reinstalling client (as nos of client are far more)

copy the sylink on the clients to be managed.

1. Also these enviroment using different version of Symante endpoint (11 & 12.1)

it should not be any issue. Ensure that the SEPM run on latest version .

Hi,

As pete_4u2002 said Sylink replacer will be one of the easiest option to point clients to new server.

Only one point to add here, SEPM 12.1 can manage both SEP 11.x and SEP 12.1 clients but SEPM 11.x can manage only SEP 11.x clients.

To replace sylink.xml file you would required Sylink replacer tool, there are two different Sylink replacer tools one for SEP 11.x & other for SEP 12.1

To get sylink replacer tool you will have to call support or log a web case.

please contact Symantec Technical Support via the support phone numbers listed below

Regional Support Telephone Numbers:
United States: https://support.broadcom.com (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

To create a web case : 

There are caveats you should know. You have to use the Symantec tool or use a startup script to replace the sylink because it will not allow you to do it while the computer is running, hence the tool. Our problem is we don't have an enviroment where gee it's the middle of the day and all the computers are on and I can just use the Sylink replacer tool. We have many notebooks and they are moving targets. You will spend your time swatting flies so to speak to try to catch them and you will never feel like they are all done.

IS there any other way than replacing Sylink file?.

sylink replacer or AD script is the option to replace sylink.

We have around 5k+ boxes  & how do we assure file get replaced.?

once the file is replaced, the clients start reporting to the server.

Also these two enivorment having different Group Structurs, Polices, how does things get replicated? or we need create on one of SEPM Server?

for that you need to add server as replication!

Thanks for info

IS there any other way than replacing Sylink file?.

We have around 5k+ boxes  & how do we assure file get replaced.?

Also these two enivorment having different Group Structurs, Polices, how does things get replicated? or we need create manually on one of SEPM Server?

Narsinh

IS there any other way than replacing Sylink file?.

sylink replacer or AD script is the option to replace sylink.

We have around 5k+ boxes  & how do we assure file get replaced.?

once the file is replaced, the clients start reporting to the server.

Also these two enivorment having different Group Structurs, Polices, how does things get replicated? or we need create on one of SEPM Server?

for that you need to add server as replication! - how does this possible since thes are having different version ?

Do suggest first one SEPMs replication partner to other one . ?

for that you need to add server as replication! - how does this possible since thes are having different version ?

replication works on the same SEPM version, you should be upgrading the existing infrastructure or install SEPM on new machine the same version that currently exist and add as an replication partner.

The new servers will be added as a replication partner.

Hi pete

When I try to add as a replication partner gives me error  certificate mismatch .

Does this need to add as additional site first ?

In that case what will happen existing clients or database, polices on second server ?

Above picture my requirement both enviroment working indiviual fine . need to merge  without lossing client information.

Narsinh Deshpande

As was stated above.  The first thing you should do is upgrade your servers so that both are running SEPM 12.1.

You will need to ensure you have enough licenses to do so.

Once this is done, Add as replication partner. This article describes that.

http://www.symantec.com/business/support/index?page=content&id=TECH104986

Once replication is setup and working properly, you can than Add a Management Server list.  This article describes that.

http://www.symantec.com/business/support/index?page=content&id=TECH103175
 

Once ALL your clients are effectively updated and receiving the updates management server list, you should have no more problems in shutting one down.  The clients will automatically begin connecting to the second server.

* * * * * *

Best practice dictates however, since you will have 5000+ nodes connecting to a single server, you should use probably use "Pull mode" for your clients.  This best practice guide - page 10 - states that the recommended ratio should be about 5,000 clients for 1 server. 

Attachment(s)

Endpoint Protection Sizing and Scalability Best Practices...3   688 KB 1 version

Hi

How  to set replication between two different symantec enviroments (two different company )

IF I try to add replication partner from Admin -Servers - Right click my site  - Add existing Replication partner .

I also tried to additonal Site from manager server configuration wizard ( existing  Server as addtional site to Server B) with existing database, then it prompt you may loss existing data.

I worried if go this, then I my lose my A server data (client information)

Help

Narsinh Deshpande  

you have to add a new one, two standalone SEPM cannot be replicated.

The Philosophy of SEPM Replication Setup:
 http://www.symantec.com/docs/TECH93107

How to add "Replication Partners" and Schedule Replication
http://www.symantec.com/business/support/index?page=content&id=TECH104986