Enrolling sites with replication partners in the cloud console

Refer to the following topics for more information:
How do you enroll a site in the cloud console?
As of version 14.2, you set up replication between one site that is enrolled in the cloud console, and additional sites that are not. You enroll one site as the master site. All other sites can replicate directly with the master site, or replicate with each other. For example, if Site A is the master site, you enroll Site A into the cloud console. You configure Site B and Site C to replicate with Site A. Or, you can configure Site B to replicate with Site A, and configure Site C to replicate with Site B.
Process for enrolling multiple replicated sites
Task
Description
Step 1: Replicate the two sites before you enroll in the cloud console.
Replicate all policies, groups, and log events before you enroll the master site to avoid any database conflicts.
You can also add a replication partner after you enroll the master site in the cloud.
The master site can have multiple partner sites.
Step 2: Enroll the master site.
Choose and enroll one site as the master site to perform the enrollment and any further actions, such as creating policies.
For sites with multiple management servers, you only need to enroll one of the management servers. Any additional management servers are enrolled automatically.
You do not enroll the second site, or the partner site, in the cloud console.
Step 3: Wait for synchronization to occur.
After the enrolled master site and the cloud console synchronize, the following events occur on the master site:
  • The bridge service is installed on all management servers automatically. However, the bridge service is only active on the management server that you used to enroll in the cloud console.
  • The master site synchronizes reporting events with the cloud console.
  • The master site uploads the groups, devices, policies, log events, client packages, and definitions for all clients that are not connected to this site.
  • The master site receives the policies, logs, and commands from the cloud console and immediately passes the data to the clients that communicate with this site.
For more information, see:
What happens after you enroll a Symantec Endpoint Protection Manager domain into the cloud console?
Step 4: Replicate the master site and any partner sites.
Schedule the replication so that both sites have the same enrollment data. After the replication occurs, the following events occur on the partner site:
  • The partner site receives the content from the cloud console based on the replication schedule with the master site. The clients that are connected to the partner site then receive this data.
  • The partner site gets the enrollment details from the master site. These details appear on the Cloud page > Troubleshooting page.
  • The partner site's management servers do not install the bridge service. Therefore, the partner site does not synchronize directly with the cloud console.
Step 5: (Optional) Switch control of groups and devices to the cloud console.
By default, when you enroll an unreplicated Symantec Endpoint Protection Manager domain, the cloud console manages the client group structure. By default, when you enroll a replicated site, Symantec Endpoint Protection Manager manages the group structure.
  • If Symantec Endpoint Protection Manager is the master, you can add groups and policies on the master site, which are then replicated on the partner site.
  • If you make the cloud console the master, first run replication with the partner site. This replication ensures that groups and policies you added on the partner site sync to the cloud console.
To switch control to the cloud console, enable the Manage Devices option after enrollment in Settings > Symantec Endpoint Protection Manager Enrollment in the cloud console.
You cannot perform failover or load balancing for the replicated partner.
Removing and restoring replication between the sites that are enrolled in the cloud console
If you remove the partnership between the master site and a partner site, you also remove the relationship with the cloud console.
To restore the partnership with the master site, use the Add Existing Replication Partner wizard.
You can also enroll the partner site in the cloud console directly as an individual site. In this case, you must create a different Symantec Cyber Defense Manager account. To restore the partnership with the master site, you must unenroll the partner site. Then, on the master site, reconfigure the partnership with the Management Server Configuration Wizard.
As a best practice, keep the partner site as an individual site and do not try to restore the replication with the master site.
Troubleshooting replication for a site in the cloud console
To get information about master site enrollment and replication:
  • Look for replication events.
    On the master site, open the System log > Administrative log type, and look for the Replication events event type.
  • Look at the partner site's enrollment status.
    On the partner site, the Enrollment Status displays Enrolled. Other fields such as Connection Status display None.
    To display the enrollment information, click the Cloud page > Troubleshooting.