Known Limitations with Multi-ESM Deployments
In a multi-ESM deployment, each ESM Server must meet the requirements specified in ESM Server Software Requirements. Multi-ESM deployments also have the following limitations:
- Load balancing—See Load Balance Traffic to ESM Servers.
- IP addressing—Each ESM Server must have a static IP address.
- Scaling—You can install a maximum of five ESM Servers. To install additional servers, contact your Sales Engineer.
- LDAP—To use Active Directory (AD) objects as targets for security, agent, or agent settings rules, all ESM Servers (both local and remote) must have connectivity to your LDAP server. In addition, to ensure your remote endpoints receive the latest security policy, follow the guidelines for your ESM version:
  - ESM 4.1.2 and later releases—To use AD objects as targets for security, agent, and agent settings rules, you must identify the ESM Server deployed in a perimeter network as a DMZ deployment and specify the LDAP domain name in the server settings. For more information on configuring an ESM Server for deployment in a perimeter network, see Manage ESM Server Settings.
  - ESM 4.1.0 and ESM 4.1.1—In a multi-ESM deployment where an ESM Server cannot query the LDAP server—for example, an ESM Server deployed in a perimeter network such as a DMZ—and rules specify AD objects, the Traps agents that connect to that ESM Server cannot obtain the security policy and display a disconnected status. This means that if you install Traps agents to communicate with the external ESM Server and specify AD objects in your rules, the Traps agents do not receive any security policy until they connect to an internal ESM Server that can communicate with your LDAP server. To apply rules to a specific group of endpoints when an ESM Server cannot query your LDAP server, we recommend that you remove any AD objects from your security policy and instead define match conditions and apply them to your rules as needed.
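A preflight check that encodes the limitations above as one validator, added here as an example and not Palo Alto Networks code: the `EsmServer` fields (`static_ip`, `ldap_reachable`, `configured_as_dmz`, `ldap_domain`) and the constructed deployment are assumptions standing in for data you would gather from the servers and the ESM Console.

```python
"""Preflight validator for a multi-ESM Traps deployment (added example).

Encodes the documented limits: static IPs, at most five ESM Servers, and the
version-dependent handling of AD objects in rules when an ESM Server cannot
query LDAP. Field names below are assumptions for illustration.
"""
from dataclasses import dataclass
import ipaddress

MAX_ESM_SERVERS = 5  # documented maximum without involving a Sales Engineer


@dataclass
class EsmServer:
    name: str
    ip: str
    static_ip: bool             # assumption: gathered from the server's network config
    ldap_reachable: bool        # assumption: result of an LDAP connectivity test
    configured_as_dmz: bool = False  # "DMZ deployment" set in ESM server settings (4.1.2+)
    ldap_domain: str = ""            # LDAP domain name in ESM server settings (4.1.2+)


def version_tuple(version: str) -> tuple:
    return tuple(int(part) for part in version.split("."))


def check_deployment(esm_version: str, servers: list, rules_use_ad_objects: bool) -> list:
    """Return a list of findings; an empty list means the deployment passes."""
    findings = []
    if len(servers) > MAX_ESM_SERVERS:
        findings.append(f"{len(servers)} ESM Servers exceeds the maximum of {MAX_ESM_SERVERS}")
    for s in servers:
        try:
            ipaddress.ip_address(s.ip)
        except ValueError:
            findings.append(f"{s.name}: '{s.ip}' is not a valid IP address")
        if not s.static_ip:
            findings.append(f"{s.name}: must have a static IP address")
        if rules_use_ad_objects and not s.ldap_reachable:
            if version_tuple(esm_version) >= (4, 1, 2):
                # 4.1.2+: a perimeter ESM Server must be flagged as DMZ with an LDAP domain name
                if not (s.configured_as_dmz and s.ldap_domain):
                    findings.append(f"{s.name}: identify as DMZ deployment and set the LDAP domain name")
            else:
                # 4.1.0/4.1.1: agents on this server get no policy and show disconnected
                findings.append(f"{s.name}: agents will show disconnected; replace AD objects with match conditions")
    return findings


def demo() -> tuple:
    """Constructed deployment: one internal server, one DMZ server, one DHCP server."""
    servers = [
        EsmServer("esm-internal", "10.0.0.10", True, True),
        EsmServer("esm-dmz", "192.0.2.20", True, False),
        EsmServer("esm-dhcp", "10.0.0.11", False, True),
    ]
    return check_deployment("4.1.1", servers, True), check_deployment("4.1.2", servers, True)
```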