Creating and assigning a management server list for a Endpoint Protection Manager
search cancel

Creating and assigning a management server list for a Endpoint Protection Manager

book

Article ID: 151377

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You have multiple Symantec Endpoint Protection Managers (SEPM) in your environment but only want certain ones used by Symantec Endpoint Protection (SEP) clients

Resolution

Adding a Management Server List

If your enterprise has multiple SEPMs, you can create a customized Management Server List (MSL). The MSL specifies the order in which clients in a particular group connect. Clients first try to connect to SEPMs that have been added with the highest priority. If SEPM with the highest priority is not available, then clients try to connect to management servers with the next higher priority. A MSL is automatically created for each site. All available SEPMs at that site are added to the default management server list with the same priority.

If you add multiple SEPMs at the same priority, then clients can connect to any of the SEPMs. Clients automatically balance the load between available SEPMs at that priority. You can choose betwenn using HTTPS or HTTP protocol for communication. If you want to secure communication further, you can customize the HTTP and HTTPS port numbers by creating a customized management server list. However, you must customize the ports before clients are installed or else the client-to-management server communication is lost. If you update the version of the SEPM, you must remember to re-customize the ports so that the clients can resume communication.

After you add a new management server list, you must assign it to a specific group or location or both.

To add a management server list:

  1. In the SEPM console, click Policies.
  2. In the Policies page, under View Policies, click Policy Components > Management Server Lists
  3. Under Tasks, click Add a Management Server List .
  4. In the MSL dialog, type the name of the management server list that you want to add in the Name box.
  5. Type the optional description of the management server list that you want to add in the Description box.
  6. Click Add. Setting up connections between management servers and clients or optional enforcers.
  7. In the Add a Server dialog, type the IP address or host name of the management server in the Server address box.
  8. Select the type of protocol that you want to use for communication between the clients and SEPMs:
    • Use HTTP protocol: Use this option if you want SEPMs to communicate by using HTTP. 
    • Use HTTPS protocol: (Default) Use this option if you want SEPMs to communicate by using HTTPS and if the server is running Secure Sockets Layer (SSL).
  9. If you require verification of a certificate with a trusted third-party certificate authority, check 'Verify certificate when using HTTPS protocol'
  10. In the MSL dialog, click Add and select New Priority. A new priority is created.
  11. Repeat step 10 for as many additional priorities as you need to add.
  12. In the Management Server dialog, under Management Servers, select the priority to which you want to add an IP address or host name of a management server.
  13. In the MSL dialog, click Add and select New server.
  14. In the Add Management Server dialog, type the IP address or host name of the SEPM in the Server address box.
  15. If you want to change the default port number for the HTTP protocol, check Customize HTTP port number. If you customize the HTTP port number after client deployment, clients lose communication with the SEPM.
  16. Type the number of the port that you want to use. The default port number for the HTTP protocol is 8014.
  17. If you want to change the default port number for the HTTPS protocol, check Customize HTTPS port number. The default port number for the HTTPS protocol is 443. If you customize the HTTPS port number after client deployment, clients lose communication with the SEPM.
  18. Repeat steps 13 through 17 for as many times as you need for each priority that you select. Setting up connections between management servers and clients or optional enforcers.
  19. In the Add Management Server dialog, click OK.
  20. In the Management Server Lists dialog, click OK.

Copying an existing management server list.

You can create and customize your management server list by copying an existing one, such as the Default Management Server List created during installation. After copying and pasting your policy, if you are changing the protocol from HTTPS to HTTP, please note that you will still need to define the HTTP port. To do this, click "Edit" under each server entry in the Management Servers list and select "Customize HTTP Port".

Assigning a management server list to a group and location

After you add a policy, you need to assign it to a group or a location or both. Otherwise the management server list is not effective. You must have finished adding or editing a management server list before you can assign the list.

To assign a management server list to a group and location:

  1. In the SEPM console, click Policies .
  2. In the Policies page, under View Policies, click Policy Components > Management Server Lists.
  3. In the Policies page, under Tasks, click Assign the list.
  4. In the Apply Management server list, check the groups and locations to which you want to apply the management server list.
  5. Click Assign.
  6. When you are prompted, click Yes.