Automatic Deployment Overview
When you deploy Endpoint Security clients with automatic deployment, we recommend that you install two deployment packages on endpoint clients:
- This package includes the Endpoint Agent that communicates with the Endpoint Security Management Server. This must be distributed manually through an exported package.
- This package includes the specified Software Blades to be installed on the endpoint client. It can be distributed automatically with Software Deployment rules.
For manual deployment and upgrades, install the . Do not install the Initial Client first.
You can configure the policies for the Software Blades before or after you deploy the Software Blade package.
|
Important - The name of client packages must stay .
|
Deploying the Initial Client
You can get the Initial Client from SmartEndpoint, the distribution media, or download an Endpoint Security client from the Support Center. If you do not get the Initial Client from SmartEndpoint, you must give endpoint users the Endpoint Security Management Server host name or IP address. They enter this information to connect to the Endpoint Security Management Server manually.
You can use third-party deployment software to deploy the Initial Client to endpoint computers. The MSI package can be run manually by users or silently by a third party deployment tool.
For new client installations with automatic software deployment, use the Initial Client.
For upgrades from E80.x, use a complete software package, not the Initial Client.
To upgrade legacy R73 clients, use the Initial Client, which unlocks legacy files using a predefined uninstallation password. It then continues to install the Initial Client package.
Getting the Initial Client Packages
The Initial Client is for 32-bit and 64-bit computers.
To get the Initial Client with SmartEndpoint:
- In SmartEndpoint, open the tab.
- Under, click .
The window opens.
- Optional: To add users who install this package to a Virtual Group, click the arrow to expand
- Select .
- Select a Virtual Group or click to create a new group.
- For upgrades from R73: Click the arrow to expand
- Select .
- Optional: To upgrade without user input, select . If this is not selected, users are prompted to upgrade.
- Optional: To force reboot after a silent upgrade, select . If this is not selected, users are asked to reboot.
- Enter Legacy upgrade passwords if relevant for and .
- Click .
- In the Save Location, right-click and select > . Give the folder a name that describes the package contents, such as '
- Click .
The Endpoint Security Management Server downloads the package from the internet and saves it to the specified folder.
To get the Initial Client from the Support Center:
- Create a folder for the Initial Client on your local computer.
- Go the Support Center Web site.
- Search for Endpoint Security Management Server.
- In the filter section, select the latest supported client version.
- Download .
- Create a new folder with a name that describes the package contents, such as '
- Copy
EPS.msi
to the folder.
Deploying the Software Blade Package with Deployment Rules
Software Deployment rules let you manage Software Blade Package deployment and updates using SmartEndpoint. The rule applies to all endpoint clients for which no other rule in the Rule Base applies. You can change the default policy as necessary.
You can define more rules to customize the deployment of Software Blades to groups of endpoint computers with different criteria, such as:
- Specified Organizational Units (OUs) and Active Directory nodes
- Specified computers
- Specified Endpoint Security Virtual Groups, such as the predefined Virtual Groups (“All Laptops”, “All Desktops”, and others.). You can also define your own Virtual Groups.
You must install an Initial Client on endpoint computers before you can deploy Software Blades with automatic software deployment.
Creating New Deployment Rules
To create new rules for automatic
- Click the tab and select .
- Click the .
The opens.
- In the window, select an entity (OU, Virtual Group, or Computer). Double-click the node to show the items contained in that node.
- Click .
- In the window:
- Select a package version or click to upload a different client version from in the .
- Select Software Blades to install and clear Software Blades that are not to be installed with this rule.
- Click .
- In the window, enter a unique name for this rule and an optional comment.
- Click to add the rule to the .
- Click .
- Install the policy.
Changing Existing Deployment Rules
To edit rules for automatic
- Click the tab and select .
- Select a rule.
- From most columns, right click to get these options:
- - Make a new rule with the same contents.
- - Delete the rule.
- - Download the package for export. This includes the Initial Client and Software Blade Package.
- To change the name, Double-click the cell and enter a different name.
- To change an parameter, right click an entity and select an option:
- - Select an entity from the tree to add to the rule.
- - Select an entity to delete.
- - Go to the selected entity in the Users and Computers tab.
- - Add the selected entity to a Virtual Group.
- In the column:
- Select a package version or click to upload a different client version from in the .
- Select Software Blades to install and clear Software Blades that are not to be installed with this rule.
- On the toolbar, click .
- Install the policy.
Installing Packages on Clients with Software Deployment
After the Initial Client is successfully deployed and you have Software Deployment rules, install Software Blade Packages easily from SmartEndpoint.
Edit the Client Settings rules to change client installation settings.
To install Software Blade Packages on endpoint computers:
- On the tab, click .
- If prompted, click to save the rules.
- Select the Rules to install and then click .
To make sure that a rule does not install:
Right-click in the Actions column of a Software Deployment rule and select .