HOW TO: Install Symantec Endpoint Encryption Management Server v8.2.1
This article is a basic step-by-step procedure for installing and configuring the Symantec Endpoint Encryption Management Server (SEEMS) version 8.2.1.
The Symantec Endpoint Encryption Management Server is responsible for managing client communication, database communication, and directory synchronization. Installation of SEEMS will create an IIS website for client communication. It will also create a database on a supported SQL server instance to store the data that is used by Symantec Endpoint Encryption. This article assumes that you have installed and configured all pre-requisites.
Install Symantec Endpoint Encryption Management Server
1. Locate the “Symantec Endpoint Encryption Management Server” .msi file and double-click to begin the installation.
2. The InstallShield Wizard will load. Click Next...
3. Read and accept the License Agreement. Click Next...
4. Configure Database Location and Credentials. Click Next...
- A. Specify the location of the Microsoft SQL Server Instance that will host the SEE database. Use one of the following methods to specify the database Instance:
  - Click the arrow in the "Database Instance" text box and choose from the list of known local SQL instances.
  - Click Browse to browse known database servers on your network, and choose the instance if shown.
  - Type the NetBIOS name of the instance, e.g. "SEEDB-01". If it is a Named Instance, you must also include the instance name, e.g. "SEEDB-01\SQLExpress".
- B. If required, check "Enable TLS/SSL" to encrypt all communications between the SEE Management Server and the database Instance. TLS/SSL must be configured within SQL for this option to be used.
- C. If required, check "Custom Port Number" to communicate with the database over a custom port number. If your SQL Server is listening on a non-default port, you can specify the port being used here. This is configured within SQL ahead of time.
- D. Choose the authentication method to be used to connect to the database. These credentials will be used to create the database only. The account used to access the database will be specified later. This user must have the "dbcreator" and "securityadmin" SQL Server roles enabled. These credentials will not be stored or used again after database creation.
  - Choosing Windows authentication will use your currently logged-in Windows user account. This account must have local administrator rights on the machine hosting the SEE Management Server.
  - Choosing SQL authentication will allow you to specify a SQL account to be used.
5. Choose to Create a new database, or Use an existing database. Click Next...
- If you choose to create a new database, you can specify the database name, or use the default value.
- If you choose to use an existing SEE database, you must enter the correct name of the existing database.
Note: This option will also change some of the later screens that are presented. These changes are noted on the affected steps.
6. Choose the database access account type. Click Next...
- This account will be used by SEE to Access the database after it has been created. This credential will be stored and used for all database communication.
Note: If you chose to use an existing database, these options will be greyed out and the existing authentication type will be selected.
Note: Your selection on this screen will determine which of the next two screens will be presented.
7. Enter the appropriate credentials and click Next...
- If you chose Windows authentication, enter the user name in DOMAIN\USERNAME format.
- If you chose SQL authentication, you can choose whether to create a new login on the SQL Server or use an existing login.
Note: If you chose to use an existing database, you will need to use an existing SQL Login. Creating a new database allows either choice.
8. If you chose to create a new database, you will be able to customize the configuration if needed. Generally, default values are acceptable. Click Next...
Note: You will not see this screen if you chose to use an existing database
9. Choose the destination folder for the installation. Change from default if needed. Click Next...
10. Click Install to begin the installation.
11. The Installation of SEE Management Server may take a few minutes to complete. Click Finish to exit the wizard.
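A pre-flight check for the step 4 prerequisites (Windows authentication case), run in PowerShell as the account that will create the database before starting the wizard. This is an added example, not part of the original article or Symantec tooling; the function name Test-SeeDbPrereq is hypothetical, and "SEEDB-01\SQLExpress" is the sample instance name from step 4A.

```powershell
# Added example: verifies the step 4 prerequisites for Windows authentication.
# Test-SeeDbPrereq is a hypothetical helper name, not a Symantec cmdlet.
function Test-SeeDbPrereq {
    param(
        [Parameter(Mandatory=$true)] [string] $Instance,  # e.g. "SEEDB-01\SQLExpress"
        [int]    $Port = 0,     # 0 = no custom port (step 4C not used)
        [switch] $RequireTls    # set when "Enable TLS/SSL" will be checked (step 4B)
    )

    $dataSource = if ($Port) { "$Instance,$Port" } else { $Instance }

    # Index by keyword: the builder is a dictionary, which avoids PowerShell's
    # key-versus-property ambiguity on dictionary objects.
    $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $b['Data Source']         = $dataSource
    $b['Initial Catalog']     = 'master'
    $b['Integrated Security'] = $true
    $b['Connect Timeout']     = 10
    if ($RequireTls) {
        # Reject untrusted certificates, so Open() fails unless SQL Server
        # presents a certificate this machine trusts.
        $b['Encrypt']                = $true
        $b['TrustServerCertificate'] = $false
    }

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    $isAdmin   = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole($adminRole)

    $conn = New-Object System.Data.SqlClient.SqlConnection ($b.ToString())
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = "SELECT SUSER_SNAME() AS LoginName, " +
            "IS_SRVROLEMEMBER('dbcreator') AS DbCreator, " +
            "IS_SRVROLEMEMBER('securityadmin') AS SecurityAdmin, " +
            "CONNECTIONPROPERTY('local_tcp_port') AS TcpPort"
        $r = $cmd.ExecuteReader()
        [void] $r.Read()
        New-Object PSObject -Property @{
            Login         = $r['LoginName']
            DbCreator     = ($r['DbCreator'] -eq 1)
            SecurityAdmin = ($r['SecurityAdmin'] -eq 1)
            TcpPort       = $r['TcpPort']      # empty when not connected over TCP
            TlsEnforced   = [bool] $RequireTls
            LocalAdmin    = $isAdmin           # reflects the current (elevated) token
        }
    }
    finally { $conn.Dispose() }
}

Test-SeeDbPrereq -Instance 'SEEDB-01\SQLExpress' -RequireTls
```

If the connection fails with -RequireTls but succeeds without it, TLS/SSL is not yet configured on the SQL Server instance in a way this machine trusts.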
Configure Symantec Endpoint Encryption Management Server
The SEEMS Configuration Wizard will launch after the InstallShield Wizard has completed.
Note: This screen may take a few moments to load. Please configure SEEMS before moving on to other installation steps.
1. Configure Directory Service Synchronization options. Click Next...
- If your environment employs either Microsoft Active Directory, or Novell eDirectory, you can choose to activate Directory Synchronization.
- Activating Directory Synchronization will allow client policies to be managed by the respective directory's group policy management.
- If you choose not to activate Directory Synchronization, client policies will be managed by the Symantec Endpoint Encryption Management Server itself.
- Check the box next to the appropriate directory, and Choose the Startup Mode and Sync Mode desired.
- If you check both boxes, you will also be asked which takes precedence if an endpoint is managed by both directories. Choose the desired option.
2. Configure Directory Service Synchronization Configuration Details. Click Next...
- Depending on your selection on the previous page, you will be able to configure the details for Directory Synchronization, for the directory type chosen.
- Provide the appropriate details for Directory Synchronization.
- Considerations for Active Directory Configuration
  - If the Active Directory account used does not have domain administrator privileges, you must extend the account privileges to include "read" permissions to the deleted objects container within Active Directory. To extend these privileges you can use DSACLS as outlined in article TECH147816.
  - You can add additional AD Forests by clicking Add..
  - If you have more than one domain within your forest, you may configure a Domain Filter to control which domains SEE syncs with by clicking Configure Domain Filter.
  - To secure communications between SEEMS and Active Directory, you can check the Enable TLS/SSL checkbox.
- Considerations for Novell Configuration
  - An eDirectory account with read-only permissions to the eDirectory tree is required.
3. Configure the Web Service used for Client Check-in. Click Finish...
Important Note: The information entered in this page will be embedded into the Client installation Packages. If any changes are made here AFTER Client Packages have been deployed, Client Check-ins will fail. The Client Framework will need to be re-created and re-deployed. Please be sure that you have this configured the way that you want prior to creating any Client Packages.
- A. Enter the Host name of the Web Server.
- B. Enter IIS Client Account Credentials.
  - a. Symantec suggests setting up a service account that can be used for the IIS account, with a password that does not expire.
  - b. The domain user does not need any specific privileges.
- C. Configure the Protocol and Port Number.
  - a. Choose either HTTP (Not secure) or HTTPS (Secure).
  - b. Enter a valid and unused port number that will be used for Client Communication for the protocol chosen.
    - Make sure that the port number chosen is not being used by any other IIS Websites.
    - The port may need to be opened in the Windows Firewall on the server as well.
- D. If HTTPS was chosen, the "Client Computer Communications" section will allow you to choose the certificates to be used.
  - For instructions on how to configure SSL communication for SEE using an Internal Enterprise Certificate Authority, see article TECH166373.
SEEMS will finish its configuration in the background. This may take a few moments. Once finished, you will see this message. Click OK to close the Window.
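Because the web service settings are embedded into the client packages, it is worth confirming the chosen port is free before entering it in step 3C. The following check is an added example, not part of the original article or Symantec tooling; the function name Test-SeePortFree is hypothetical, the port 8443 is a constructed sample value, and the IIS WebAdministration module is assumed to be available on the server.

```powershell
# Added example: run on the SEEMS server BEFORE completing step 3 of the
# configuration wizard. Test-SeePortFree is a hypothetical helper name.
Import-Module WebAdministration

function Test-SeePortFree {
    param([Parameter(Mandatory=$true)] [int] $Port)

    # bindingInformation looks like "IP:port:hostheader" (e.g. "*:443:"),
    # so the port is the second-to-last colon-separated field.
    $sites = @(Get-ChildItem IIS:\Sites | Where-Object {
        @($_.Bindings.Collection | Where-Object {
            ($_.bindingInformation -split ':')[-2] -eq "$Port"
        }).Count -gt 0
    } | ForEach-Object { $_.Name })

    # Any TCP listener on the port, whether it belongs to IIS or not.
    $ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listening = @($ipProps.GetActiveTcpListeners() |
                   Where-Object { $_.Port -eq $Port }).Count -gt 0

    New-Object PSObject -Property @{
        Port      = $Port
        IisSites  = $sites       # names of IIS websites already bound to the port
        Listening = $listening   # True if something is already accepting connections
        Free      = ($sites.Count -eq 0 -and -not $listening)
    }
}

Test-SeePortFree -Port 8443
```

A stopped IIS website still appears under IisSites even though nothing is listening, which is the conflict the port note in step 3C warns about.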
You have now finished installing the Symantec Endpoint Encryption Management Server (SEEMS). The next step will be to install the SEE management console, with the required components, on the server and/or a supported manager computer.
Potential Next Steps:
- Install Full Disk Edition Management Console Component: If you require SEE Full Disk Encryption in your environment, follow this link for instructions on "How to Install Symantec Endpoint Encryption Full Disk Edition Version 8.2.1 (Management Console)"
- Install Removable Storage Edition Management Console Component: If you require SEE Removable Storage in your environment, follow this link for instructions on "How to Install Symantec Endpoint Encryption Removable Storage Edition Version 8.2.1 (Management Console)"