Which console should be used to manage Symantec Protection Engine?

Release : 9.0.1

SPE 9 Application console

• PRO: Installs on Windows as a non-service client application that communicates with REST API component of SPE 9 server.
• PRO: Privacy friendly. Does not require sending data to a cloud application.
• PRO: Valid target for new feature requests.
• PRO: Permits access to SPE 9 local quarantine, if enabled.
• PRO: Administers SPE 9 servers either individually or in groups containing up to 100 instances of SPE 9 Server.
• CON: requires access to port 8008 of target SPE 9 Server by default.
• CON: While application console itself does not require JRE, on each SPE 9 server, RESTAPI 9 requires 64-bit JRE 1.8 u232 or later, either Oracle Java or OpenJDK. 

SPE 8 Java based console - feature replaced by Application console, starting in SPE 9.1.0

• PRO: No additional install required beyond SPE9 Server. May need to be enabled.
• PRO: Privacy friendly. Does not require sending data to a cloud application.
• CON: Deprecated feature, so no longer a valid target for feature requests.
• CON: No access to local quarantine, even if enabled.
• CON: Only administers the local instance of SPE9 Server.
• CON: requires access to port 8004, 8005 on target SPE server.
• CON: each local SPE 8 server requires Oracle 64-bit JRE 1.8u232 or later. SPE 9 servers may also substitute OpenJRE of the same JRE version.

SPE 8 Web centralized console - discontinued, starting 2023-12-31

• PRO: Installs on Windows as a non-service client application which communicates with REST API component of SPE 9 server.
• CON: May not be friendly to privacy requirements. Requires sending data to the cloud.
• CON: Deprecated feature, so no longer a valid target for feature requests.
• CON: No access to local quarantine, even if enabled.
• PRO: Administers SPE 9 servers in groups containing up to 50 instances of SPE 9 Server.
• CON: Slated for de-commission target date 2023-12-31, conditional to completion of SPE9 connectors to replace CWP for Storage:Azure and CWP for Storage:AWS.
• CON: requires https access to https://securitycloud.symantec.com/cc/landing and https://usea1.r3.securitycloud.symantec.com 
• PRO: does not require Java JRE of any kind.

Alternatives to console

• Remotely connect to the command line of the machine where SPE is installed and administer locally as a Core only install of SPE. Support uses this option as a workaround to query or set any configuration option which is not present in any given console. It always works, and when it doesn't, Support can identify and resolve the issue. 
• Code a custom console using SPE 9 REST API.

References: 

• About Symantec Protection Engine console
  
  
• About the Core server only mode
  
  
• How to monitor SPE performance in a "Core" only install?
  
  
• How to enable and access the Protection Engine 8.x Java console
  
  
• How to disable the Protection Engine local Java user interface after installation