How do I manage Symantec Endpoint Protection Mobile Edition (SEPME) policies on mobile devices? Is there a way to view reports containing information on all of the managed SEPME 6 devices in the organization?
A Symantec Management Console (SMC) administration console is available for the managed mobile devices.
SEPME 6 is designed to be managed by using the Symantec Mobile Security Solution, which runs on the Symantec Management Platform. You can use the mobile solution to create and apply policies and review reports about the health and status of your devices. You can also use other components of the platform to create notifications and alerts, to view logs, and to customize your management environment.
Note: Establishing a management console for SEPME client reporting, policies and administration involves a significant investment of time, equipment, and bandwidth. It is not as simple as installing a default Symantec Endpoint Protection Manager (SEPM) for SEP clients. Please read the following instructions and related documents in full before deciding if a Symantec Management Console (SMC) for the mobile devices is required in the organization.
The following Connect article illustrates the install process for Symantec Mobile Security 7.2, which is very similar to the install for SEPME 6. Illustrated Guide to Installing Symantec Mobilie Security 7.2
To set up a console to manage SEPME clients, you will need to install two Symantec components:
- Symantec Management Platform 7.0 (SMP 7.0) - at present, SMP 7.1 is not supported.
- Symantec Mobile Security Solution 7.0.35.
You will also need to install an SQL server database and some additional components to configure and setup.
You should firstly check your system requirements:
Read the section “System requirements for Symantec Management Platform” on page 15 of the Symantec™ Management Platform 7.1MP1 Installation Guide
Note that symantec.sim.exe requires a 32-bit OS to run, or Windows 2008 R2 64-bit. The installer will not run if a different version of Windows 2008 is present.
If a MS SQL server is not identified on the system, the installer will offer the option to download and use a "Microsoft SQL Express 2008" database for evaluation purposes. Please note that this Express version should not be used in a live production environment! It also has certain prerequisites (will not install on Windows 2003, for instance). Check Microsoft documentation before considering this option.
Here are some basic recommended system requirements and components for installing Symantec Management Platform and the Symantec Mobile Security Solution to a server:
Operation System: Windows 2003 Service Pack 2
Database: MS SQL 2005 server with Service Pack 4
Internet Explorer Version 7 or 8.
.Net Framework 3.5 SP1
Memory should be at least 2GB
Disk Space requirement should be at least 10 GB.
You will need to have installed and enable:
- MS Message Queue Server Core
Note! The latest releases of SMP require a 64-bit Windows 2008 R2 server. SIM will ultimately install on Windows 2003, but may then only be able to create a package containing the additional components. SMP and SMC will not be installed.
Throughout the installation process, please use an account with ample privileges. This user must be a Windows user with local administrator rights to the Notification Server computer (server where SMP will be installed). It is recommended to install using a domain account. Do not install using an account local to a particular server (workgroup) as the user account used later for logging in to the SMC web interface may not have full access, and may not be able to function correctly.
Instructions for download and installing:
- Download the mobile security trialware from the following location: https://www4.symantec.com/Vrt/offer?a_id=82291
- On the Software Download page, click Download Now for Symantec Mobile Security Solution. This file is approximately 40 MB. Follow the on-screen instructions to set up Symantec Installation Manager.
- Check Automatically launch Symantec Installation Manager, and click Finish.
- On the Install New Products page, in the Available products list, select the Symantec Mobile Security Solution version 7.0.35 and the platform, and click Review selected products. (Note that product dependencies will require additional components to be automatically selected.)
- On the Selected Products and Features page, verity that the correct products are selected, and click Next.
- On the End User License Agreement page, check I accept the terms in the license agreements, and click Next.
- On the Install Readiness Check page, verify that the computer meets the minimum requirements, and click Next.
- On the appropriate pages, configure Notification Server and the database, and click Next.
For details about the information that these pages require, see Symantec Management Platform Installation Guide, chapter 3, "Installing the Symantec Management Platform products."
- Skip the Computers to Manage page, unless you install other solutions that require it at the same time as the mobile security solution, and click Begin install.
- Click Finish.
Now you have successfully installed the management components for SEPME. The necessary configuration file AgentInstallConfig.xml can be exported and applied to Windows Mobile and Symbian devices. Once these have registered and established a healthy connection to the Altiris Notification Server/Symantec Management Platform, open the browser-based Symantec Management Console and click Manage or Reports to view information on the mobile devices.
Additional information is contained in the Implementation Guide for Symantec Endpoint Protection, Mobile Edition and Symantec Network Access Control, Mobile Edition.
Symantec Management Platform (SMP):
Updating SEPME from an Internal LiveUpdate server: