Automatic Deployment Using Deployment Rules

Use Deployment rules to automatically download and install pre-configured packages on endpoint computers. Define deployment rules and manage deployments using SmartEndpoint. See the status of all deployments in the Reporting tab.

When you deploy Endpoint Security clients with automatic deployment, we recommend that you install two deployment packages on endpoint clients:

  1. Initial Client -This package includes the Endpoint Agent that communicates with the Endpoint Security Management Server. This must be distributed manually through an exported package.

  2. Endpoint Security Component Package -This package includes the specified components to be installed on the endpoint client. It can be distributed automatically with Deployment rules.

You can configure the policies for the components before or after you deploy the component package.

Important - You must not change the name of a client MSI package from EPS.msi. It is permitted to change the name of a Dynamic Package (the .EXE file).


The Initial Client is for 32-bit and 64-bit computers.

To get the Initial Client with SmartEndpoint:

  1. In SmartEndpoint, open the Deployment tab.

  2. Under Initial Client, click Download.

    The Package download configuration window opens.

  3. Optional: To add users who install this package to a Virtual Group, click the arrow to expand Virtual Group.

    • Choose Select Virtual Group. Endpoints installed with the exported package will automatically be added to it.

    • Select a Virtual Group or click Add New to create a new group.

  4. For upgrades from R73: Click the arrow to expand R73 Client Upgrade.

    1. Select Support R73 client upgrade.

    2. Optional: To upgrade without user input, select Silent Upgrade. If this is not selected, users are prompted to upgrade.

    3. Optional: To force reboot after a silent upgrade, select Force reboot. If this is not selected, users are asked to reboot.

    4. Enter Legacy upgrade passwords if relevant for Secure Access and Full Disk Encryption EW.

  5. Click Download.

  6. In the Save Location, right-click and select New > Folder. Give the folder a name that describes the package contents, such as 'Initial Client.

  7. Click OK.

    The Endpoint Security Management Server downloads the package from the internet and saves it to the specified folder.

To get the Initial Client from the Support Center:

  1. Create a folder for the Initial Client on your local computer.

  2. Go the Support Center Web site.

  3. Search for Endpoint Security Management Server.

  4. In the Version filter section, select the latest supported client version.

  5. Download Endpoint Security <version> Client for Windows.

  6. Create a new folder with a name that describes the package contents, such as 'Initial Client.

  7. Copy EPS.msi to the folder.

You can get the Initial Client from SmartEndpoint, the distribution media, or download an Endpoint Security client from the Support Center. If you do not get the Initial Client from SmartEndpoint, you must give endpoint users the Endpoint Security Management Server host name or IP address. They enter this information to connect to the Endpoint Security Management Server manually.

You can use third-party deployment software to deploy the Initial Client to endpoint computers. The MSI package can be run manually by users or silently by a third party deployment tool.

For new client installations with automatic software deployment, use the eps.msi Initial Client.

For upgrades from E80.x and higher, use a complete software package, not the Initial Client.

To upgrade legacy R73 clients, use the PreUpgrade.exe Initial Client, which unlocks legacy files using a predefined uninstallation password. It then continues to install the Initial Client package.

Deployment rules let you manage Endpoint Security Component Package deployment and updates using SmartEndpoint. The Default Policy rule applies to all endpoint clients for which no other rule in the Rule Base applies. You can change the default policy as necessary.

You can define more rules to customize the deployment of components to groups of endpoint computers with different criteria, such as:

  • Specified Organizational Units (OUs) and Active Directory nodes

  • Specified computers

  • Specified Endpoint Security Virtual Groups, such as the predefined Virtual Groups ("All Laptops", "All Desktops", and others.). You can also define your own Virtual Groups.

You must install an Initial Client on endpoint computers before you can deploy components with automatic software deployment.

To create new rules for automatic Deployment:

  1. Click the Deployment tab and select Deployment Rules.

  2. Click the Create Rule icon.

    The Create Rule Wizard opens.

  3. In the Select Entities window, select an entity (OU, Virtual Group, or Computer). Double-click the node to show the items contained in that node.

  4. Click Next.

  5. In the Change Rule Action Settings window,

    1. Click the action.

    2. Select a package version or click Manage Client Versions to upload a different client version from in the Packages Repository.

    3. Select components to install and clear components that are not to be installed with this rule.

  6. Click Next.

  7. In the Name and Comment window, enter a unique name for this rule and an optional comment.

  8. Click Finish to add the rule to the Deployment Rules.

  9. Click Save.

  10. Install the policy.

You can deploy Endpoint Security components to Endpoint Security clients according to Virtual Groups.

This example shows Software Deployment Rules that specify the components to be deployed to the All Laptops and All Desktops Virtual Groups.

Read the comments in the rules.

No

Name

Applies to

Actions

Comment

-

Software Deployment

 

 

 

 

Default Deployment

Entire Organization

Do Not install

Default Software Deployment settings for the entire organization

 

-

2 more rules

 

 

 

1

Deployment to Desktops

All Desktops

\Virtual Groups

Endpoint Client Version 80.88.4122

Selected blades

 

2

Deployment to laptops

All Laptops

\Virtual Groups

Endpoint Client Version 80.88.4122

Selected blades

Same as desktop plus Full Disk Encryption and Endpoint Security VPN

To edit rules for automatic Deployment:

  1. Click the Deployment tab and select Deployment Rules.

  2. Select a rule.

  3. From most columns, right-click to get these options:

    • Clone Rule - Make a new rule with the same contents.

    • Delete Rule - Delete the rule.

    • Download Package - Download the package for export. This includes the Initial Client and Endpoint Security Component Package.

  4. To change the name, Double-click the Name cell and enter a different name.

  5. To change an Applies To parameter, right-click an entity and select an option:

    • Add new entity to this rule - Select an entity from the tree to add to the rule.

    • Remove entity from this rule - Select an entity to delete.

    • Navigate to item - Go to the selected entity in the Users and Computers tab.

    • Add to Virtual Group - Add the selected entity to a Virtual Group.

  6. In the Actions column:

    • Select a package version or click Manage Client Versions to upload a different client version from in the Packages Repository.

    • Select components to install and clear components that are not to be installed with this rule.

  7. On the toolbar, click Save.

  8. Install the policy.

After the Initial Client is successfully deployed and you have Deployment rules, install Endpoint Security Component Packages from SmartEndpoint.

Edit the Client Settings rules to change client installation settings.

To install Endpoint Security Component Packages on endpoint computers:

  1. On the Deployment tab, click Install.

  2. If prompted, click Save to save the rules.

  3. Select the Rules to install and then click Install.

To make sure that a rule does not install:

Right-click in the Actions column of a Deployment rule and select Do not install.