Note: configuring an "Explicit Group Update Provider list" does not turn clients into Group Update Providers.
To turn clients into GUPs, first configure single or multiple Group Update Providers. A client will become a GUP when the data entered matches its own attributes. The Explicit Group Update Provider list will then be used to map the clients to their respective Explicit GUPs.
An example scenario when Explicit GUPs for Roaming Clients might be used is the following:
The environment consists of 3 Subnets divided by Computer Roles:
- A Server Farm Subnet with Network Address 10.0.0.0
- A Marketing Subnet with Network Address 188.8.131.52
- An Engineering Subnet with Network Address 192.168.10.0
Note: in this example the Network Addresses are chosen for demonstration purposes only.
The client machines in the Marketing and Engineering subnets need to be configured to get updates from a GUP situated in the Server Farm network.
To create the Group Update Provider policy, the following steps have to be taken:
- Identify the machines in the Server Farm Subnet that will become the GUPs
In this example the designated GUPs are the following:
A computer with IP address 10.10.10.1 and subnet mask 255.0.0.0
A computer with IP address 10.10.10.2 and subnet mask 255.0.0.0
- Configure these two computers as Multiple Group Update Providers:
- Configure the clients in the Marketing Subnet 184.108.40.206 to use one of the GUPs in the Server Farm Network
- Configure the clients in the Engineering Subnet 192.168.10.0 to use one of the GUPs in the Server Farm Network
This can be done by either specifying the IP Address of an individual GUP in the Server Farm Network, or by specifying the Network Address of the Server Farm Network.
Note: You can calculate the value of the Client Subnet Network Address and the GUP Subnet Network Address by using one of the subnet calculators readily available on the Internet. This address is sometimes also referred to as the network prefix or network ID.
- Configure the clients in the Marketing Subnet 220.127.116.11 to use a GUP with IP Address 10.10.10.1 in the Server Farm Network
- Configure the clients in the Engineering Subnet 192.168.10.0 to use any GUP in the Server Farm Network by specifying its Network Address
The workflow could be summarized as follows:
- You map "client subnet" to "GUP to use" in Endpoint Protection Manager (SEPM)
- A SEP 12.1.2 (or later) Client parses the new policy and extracts relevant data from the GUP list to select the new GUP Type.
- The Client then verifies:
"Am I in the subnet that is supposed to use the Explicit GUP?"
"Which subnet is the Explicit GUP in - is it in a different subnet than mine?"
"Who is the actual GUP?"
- The Client will first try to use available local GUPs before using any of the Explicit GUPs
Note: If multiple GUPs are defined in either the client's local subnet or the Explicit GUP list, the client will use the GUP with the lowest IP Address.
- The GUP itself need not be a 12.1.2 Client.