Manual Deployment Using Packages for Export

You can export a package of Endpoint Securitycomponents from the Endpoint Security Management ServerClosed A Security Management Server that manages your Endpoint Security environment. Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data. to endpoint clients using third party deployment software, a shared network path, email or other method.

When you create package of Endpoint Security components for export, the Initial Client is usually included in the package, and not installed first.

You can only see the deployment status after the package is successfully installed.

The procedure for creating a package is almost the same as for defining a Deployment RuleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.. You select different sets of components for Desktop computers and laptops in a package. The package installation program automatically detects the computer type and installs the applicable components.

  1. In the Deployment tab, select Packages for Export.

  2. To add a new package, click Add Package.

    The new package shows at the bottom of the list.

  3. Double-click the Name cell in the applicable package and enter a package name.

  4. Optional: Double-click the Version cell and select a different Endpoint Client version from the list.

    You can select Manage Client Versions, to add more package versions to the repository.

  5. Click the Desktop Blades and Laptop Blades cells and then select the components to include in each package.

  6. Optional: In the Settings column select a Virtual Group or create a new one. Users who install this package will automatically be put in this Virtual Group.

  7. Optional: In the Settings column, if you defined an Endpoint Connect VPN component, right-click the VPN setting and do one of these actions:

    • Select a predefined VPN site from the list.

    • Use a local VPN settings file

    • Add a new VPN site

  8. If you are upgrading legacy Endpoint Security release, in the Settings column:

    • Double-click the legacy upgrade option and select Support client pre-install upgrade.

    • Select Silent mode active or Silent mode not active.

    • Select the Legacy Secure Access option and click Configure Upgrade Password to enter and confirm the password.

    • Select the Legacy Full Disk Encryption EW option and click Configure Upgrade Password to enter and confirm the applicable passwords.

  9. In the Software Deployment Rules window, click Save.

To delete an existing package definition, select the package Name and click Remove Package.

When you use an exported package, you can configure each component package to connect to a default VPN site.

You can configure a default VPN site for packages for export. You cannot configure a default VPN site with automatic Deployment rules. To distribute a defined VPN site with Deployment rules, you can:

  • Use Deployment rules to distribute an Endpoint Security component package without Endpoint Connect VPN.

  • Create a package for export that includes only Endpoint Connect VPN and distribute it manually.

By default, no VPN site is defined for a new package. In the Packages for Export window, in the Settings cell of the package, the default setting is No VPN site defined.

To configure a client package with a default VPN site:

  1. In the Deployment tab, go to the Packages for Export page and select a package. Make sure it includes Endpoint Connect VPN in theSelected blades.

  2. In the Deployment tab, go to Advanced Package Settings > VPN Client Settings.

  3. Click New.

  4. In the Endpoint Secure Configuration window, enter the VPN Site details:

    • Display Name - Unique name for this VPN site

    • Site address - Site IP address

  5. Select an Authentication Method from the list:

    • Username-password - Endpoint users authenticate using their VPN user name and password

    • CAPI certificate - Endpoint users authenticate using the applicable certificate

    • P12 certificate - Endpoint users authenticate using the applicable certificate

    • SecurID KeyFob - Endpoint users authenticate using a KeyFob hard token

    • SecurID PinPad - Endpoint users authenticate using the an SDTID token file and PIN

    • Challenge-response - Endpoint users authenticate using an administrator supplied response string in response to the challenge prompt.

  6. Click OK.

  1. In the Packages for Export window, select a package.

  2. When using a Dynamic Package, configure the exported package.In the Settings column, select Additional Settings and click Advanced Package Configuration. See Configuring a Dynamic Package

  3. Click Download Package.

  4. In the Export Package window:

    1. For dynamic packages, Any CPU is selected.For MSI packages, select the platforms (32-Bit and/or 64 bit) to export for laptops and desktops.

    2. Click Download.

  5. Click OK.

  6. Select a location to save the files.

    The package are downloaded to the specified path. A different folder is automatically created for each option selected in step 3a. When using Dynamic Package, the name of the exported package is EPS.exe. Otherwise, the name of the package is EPS.msi and/or PreUpgrade.exe.

Send the package to the users. When using Dynamic Package, the exported package is a self extracting executable (*.EXE). By default, the filename is EPS.exe. For other types of package, the name of the package is EPS.msi and/or PreUpgrade.exe.

Endpoint users manually install the packages. On Windows 8.1 and higher clients, you must install an exported package with Run as administrator selected. You cannot install it with a double-click.

You can also use third party deployment software, a shared network path, email, or some other method