Choosing between the on-premises management, hybrid management, or cloud-only management options
Symantec Endpoint Security (Endpoint Security) manages Symantec Endpoint Protection agents version 14.0.1 (14.1) or later. These agents are cloud-enabled, and you can manage them from either Symantec Endpoint Protection Manager (SEPM) or the Integrated Cyber Defense Manager cloud console.
You can manage the agents from the cloud only, on-premises only, or a combination of both (hybrid management):
- For cloud management only, you use the Symantec Integrated Cyber Defense Manager (ICDm), a unified cloud console. You must purchase either Symantec Endpoint Security Enterprise or Symantec Endpoint Security Complete.
- For on-premises management, you install the Symantec Endpoint Protection Manager, which is the management console for Symantec Endpoint Protection. You can purchase Symantec Endpoint Protection, Symantec Endpoint Security Enterprise, or Symantec Endpoint Security Complete.
- For hybrid management, you use the Symantec Endpoint Protection Manager for on-premises managed devices and the ICDm console to manage cloud-managed devices. You enroll each Symantec Endpoint Protection Manager domain in the ICDm cloud console. Enrollment gives you a single view of all devices and alerts in ICDm. In addition, you can manage your devices and some policies from ICDm for your entire hybrid deployment. However, you can manage the rest of the protection for your on-premises devices from the Symantec Endpoint Protection Manager. You must purchase Symantec Endpoint Security Enterprise or Symantec Endpoint Security Complete.
If you want to... | Use this product |
---|---|
Manage clients entirely using the cloud console | Symantec Endpoint Security (Enterprise or Complete)<br>The cloud-only management console is the Integrated Cyber Defense Manager (ICDm) and the devices use Symantec Agents version 14.2 RU1 or later. You create and deploy the agent installation package from Symantec Endpoint Security. You install the on-premises client software on the devices, as before.<br>You manage the agents completely from the cloud, which bypasses communication with the on-premises management console, Symantec Endpoint Protection Manager.<br>Use this approach in the following situations:<br>To manage your agents from the cloud, you log on to your Symantec Security cloud account directly. If you installed Symantec Endpoint Protection Manager, you do not enroll the domain in the cloud.<br>When you upgrade to Symantec Endpoint Security, the equivalent setting in the cloud takes precedence over the Symantec Endpoint Protection Manager setting. If there is no equivalent setting, the previous Symantec Endpoint Protection Manager setting takes precedence.<br>If you upgrade from Symantec Endpoint Protection Manager to the cloud, you can later revert to managing with Symantec Endpoint Protection Manager. However, you must reinstall the management server if you uninstalled it. Make sure you make a backup of the database before you upgrade in case you need to perform disaster recovery later. You can use the `smc` command to convert Windows devices back to management by the Symantec Endpoint Protection Manager. |
Manage clients entirely using the on-premises Symantec Endpoint Protection Manager | Symantec Endpoint Protection or Symantec Endpoint Security (Enterprise or Complete)<br>You do not enroll a SEPM domain in the cloud. You create and deploy the client installation package from the Symantec Endpoint Protection Manager.<br>Use this approach in the following situations: |
Manage both legacy clients and cloud-only managed agents (hybrid) | Symantec Endpoint Protection or Symantec Endpoint Security (Enterprise or Complete)<br>For a successful hybrid deployment, SEPM and the agents must be version 14.1 or later. You manage the agents and some policies from Symantec Endpoint Security. You manage clients earlier than 14.1 from the Symantec Endpoint Protection Manager.<br>Note: The Symantec Endpoint Protection client is the same as the Symantec Agent.<br>Use this approach in the following situations:<br>If you upgrade to the hybrid model, and later want to revert to Symantec Endpoint Protection Manager only, you simply unenroll the Symantec Endpoint Protection Manager domain. This option provides more flexibility; you can move fully to the cloud at a later point. |
The 14.0.1 or later client functions slightly differently depending on whether the Symantec Endpoint Protection Manager or Symantec Endpoint Security manages it. The Symantec Endpoint Protection Manager controls more options on the client, while Symantec Endpoint Security controls fewer options. The Symantec Endpoint Protection Manager provides more options for the user to configure; the cloud-managed client provides fewer options. However, Symantec adds new features in Symantec Endpoint Security in monthly refreshes.