—You can install a maximum of five ESM Servers.
To install additional servers, contact your Sales Engineer.
—To use Active Directory (AD) objects as targets
for security, agent, or agent settings rules, all ESM Servers (both
local and remote) must have connectivity to your LDAP server.
In addition, to ensure your remote endpoints receive the latest security
policy, follow the guidelines for your ESM version:
4.1.2 and later releases
—To use AD objects as targets for security,
agent, and agent settings rules, you must identify the ESM Server
deployed in a perimeter network as a DMZ deployment and specify
the LDAP domain name in the server settings. For more information
on configuring an ESM Server for deployment in a perimeter network,
see ESM Server Settings.
ESM 4.1.0 and ESM 4.1.1
—In a multi-ESM deployment
where an ESM Server cannot query the LDAP server—for example an
ESM Server deployed in a perimeter network such as a DMZ—and rules
specify AD objects, the Traps agents which connect to the ESM Server
will not be able to obtain the security policy and will display
a disconnected status. This means that if you install Traps agents
to communicate with the external ESM Server and specify AD objects
in your rules, the Traps agents will not receive any security policy
until they connect to an internal ESM Server which can communicate
with your LDAP server. To apply rules to a specific group of endpoints
when an ESM Server cannot query your LDAP server, we recommend that
you remove any AD objects from your security policy and instead
define match conditions and apply them to your rules as needed.
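The following pre-deployment audit is an added example, not Palo Alto Networks code and not part of the original documentation. It models the situation described above: a rule set whose targets are either AD objects or match conditions, and an ESM Server that may or may not be able to query LDAP. The rule schema, the target-type names, the `EsmServer` fields and the sample rules are all constructed assumptions; the point is to flag, before agents are pointed at a perimeter ESM Server, which rules would leave those agents without a policy and which server settings (DMZ deployment flag, LDAP domain name) are still missing on 4.1.2 and later.

```python
"""Audit a Traps ESM rule set against the ESM Server that will serve it.
Constructed example: rule schema, target-type names and server fields are
assumptions for illustration, not the product's own data model."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Target types the ESM Server can only resolve by querying LDAP (assumed names).
AD_TARGET_TYPES = {"ad_user", "ad_group", "ad_computer", "ad_ou"}


@dataclass
class Rule:
    name: str
    kind: str                       # "security", "agent" or "agent_settings"
    targets: List[Tuple[str, str]]  # (target_type, value)

    def uses_ad_objects(self) -> bool:
        return any(t in AD_TARGET_TYPES for t, _ in self.targets)


@dataclass
class EsmServer:
    name: str
    version: Tuple[int, int, int]
    ldap_reachable: bool            # can this server query the LDAP server?
    in_perimeter: bool = False      # deployed in a DMZ / perimeter network
    dmz_deployment: bool = False    # "DMZ deployment" flag in server settings
    ldap_domain: Optional[str] = None


def audit(server: EsmServer, rules: List[Rule]) -> List[str]:
    """Return findings that explain why agents connecting to `server` would
    not receive the policy in `rules`. An empty list means no problem found."""
    findings: List[str] = []
    ad_rules = [r for r in rules if r.uses_ad_objects()]
    if not ad_rules:
        return findings  # a match-condition-only policy never needs LDAP

    names = ", ".join(r.name for r in ad_rules)
    if not server.ldap_reachable:
        if server.version < (4, 1, 2):
            # ESM 4.1.0 / 4.1.1: agents on this server get no policy at all and
            # show a disconnected status until they reach a server with LDAP.
            findings.append(
                f"{server.name}: cannot query LDAP; agents will receive no "
                f"security policy. Convert to match conditions: {names}")
        else:
            findings.append(
                f"{server.name}: cannot query LDAP; AD-targeted rules "
                f"cannot be resolved: {names}")

    # ESM 4.1.2 and later: a perimeter server that serves AD-targeted rules
    # must be identified as a DMZ deployment with the LDAP domain name set.
    if server.version >= (4, 1, 2) and server.in_perimeter:
        if not server.dmz_deployment:
            findings.append(
                f"{server.name}: perimeter server is not identified as a "
                f"DMZ deployment in server settings")
        if not server.ldap_domain:
            findings.append(
                f"{server.name}: LDAP domain name is not set in server settings")
    return findings


# Constructed sample rule set: one rule targets an AD group, one uses a
# match condition only.
SAMPLE_RULES = [
    Rule("Exploit-Protection-Finance", "security", [("ad_group", "Finance")]),
    Rule("Agent-Settings-Kiosks", "agent_settings",
         [("match_condition", "hostname starts with KIOSK-")]),
]

if __name__ == "__main__":
    dmz_411 = EsmServer("esm-dmz", (4, 1, 1), ldap_reachable=False,
                        in_perimeter=True)
    for line in audit(dmz_411, SAMPLE_RULES) or ["no findings"]:
        print(line)
```

Run the audit once per ESM Server with the full rule set; any finding that names a rule is a rule to rewrite with match conditions before agents are pointed at that server, and any finding about server settings is a configuration step still to do.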