Endpoint Protection

 View Only

  • 1.  Can a GUP update SEP clients joined to another domain?

    Posted Dec 17, 2010 10:54 AM

    We are bringing in another company and planning the transition of moving them to our domain.  We already have a physical connection to their network and a test workstation joined to our domain in their location.  This test machine is running our SEP client. 

    I'm planning to make our workstation in their location a GUP to update their workstations as we install our SEP client on their workstations.  My question is, can this GUP update our SEP client while their workstations are still joined to their domain?  Or do their workstations need to be joined to our domain before the GUP can update them? 

    In other words, is the GUP functionality at all related to domain membership, or is network connectivity all that is required for a GUP to be able to update workstations? 

    Thanks. 



  • 2.  RE: Can a GUP update SEP clients joined to another domain?
    Best Answer

    Posted Dec 17, 2010 11:03 AM

    I believe it to be network connectivity more so. As long as clients can contact the SEPM on port 8014, they will be able to communicate. We had the same scenario a year or so back. They were being migrated to our domain from theirs. There was a trust in place between domains but pushing packages, updates, deploying GUPs worked without issue.



  • 3.  RE: Can a GUP update SEP clients joined to another domain?

    Posted Dec 17, 2010 11:05 AM

    Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)
    http://www.symantec.com/docs/TECH93813

    It doesn't mention anything about domains, but does cover 'Network considerations'.

    sandra



  • 4.  RE: Can a GUP update SEP clients joined to another domain?

    Posted Dec 17, 2010 11:30 AM

    This should work out fine provided that the systems at the new domain location are able to communicate with the systems on the original site.

    SEP clients would need to be able to communicate with the SEPM on port 8014 and they would also need to be able to communicate with the GUPs on port 2967.

    If you're using Windows XP as the GUP, it would be recommended to limit the amount of clients that are able to connect to update at one time because XP has a concurrent TCP connection limit of 10 & Windows 7 has a concurrent connection limit of 20.

    So in summary, SEP communications do not have any dependancy on domain relationships so long as they are able to communicate with the other network.



  • 5.  RE: Can a GUP update SEP clients joined to another domain?

    Posted Dec 17, 2010 03:22 PM

    Sounds good, thanks guys.  I will give it a try.