10.3 Creating Locations

Security requirements for a device can differ from location to location. For example, you might have different personal firewall restrictions for a device located in an airport terminal than for a device located in an office inside your corporate firewall.

To make sure that a device’s security requirements are appropriate for whatever location it is in, Endpoint Security Management supports both global policies and location-based policies. A global policy is applied regardless of the device’s location. A location-based policy is applied only when the device’s current location meets the criteria for a location associated with the policy. For example, if you create a location-based policy for your corporate office and assign it to a laptop, that policy is applied only when the laptop’s location is the corporate office.

If you want to use location-based policies, you must first define the locations that make sense for your organization. A location is a place, or type of place, for which you have specific security requirements. For example, you might have different security requirements for when a device is used in the office, at home, or in an airport.

Locations are defined by network environments. Assume that you have an office in New York and an office in Tokyo. Both offices have the same security requirements. Therefore, you create an Office location and associate it with two network environments: New York Office Network and Tokyo Office Network. Each of these environments is explicitly defined by a set of gateway, DNS server, and wireless access point services. Whenever the Endpoint Security Agent determines that its current environment matches the New York Office Network or Tokyo Office Network, it sets its location to Office and applies the security policies associated with the Office location.
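The following Python sketch models the resolution described above: one Office location backed by two network environments, with global policies always applied and location-based policies applied only on a match. It is an added illustration, not the Endpoint Security Agent's own logic; the addresses, SSIDs, policy names, and the rule that every defined service must be observed are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NetworkEnvironment:
    name: str
    gateways: frozenset = frozenset()
    dns_servers: frozenset = frozenset()
    access_points: frozenset = frozenset()

    def matches(self, observed: dict) -> bool:
        defined = (self.gateways, self.dns_servers, self.access_points)
        if not any(defined):
            return False  # an empty definition must never match every network
        # Assumption: every service listed in the definition must be observed.
        return (self.gateways <= observed.get("gateways", frozenset())
                and self.dns_servers <= observed.get("dns_servers", frozenset())
                and self.access_points <= observed.get("access_points", frozenset()))

# Constructed sample data (documentation address ranges, made-up SSIDs).
NEW_YORK = NetworkEnvironment("New York Office Network", frozenset({"192.0.2.1"}),
                              frozenset({"192.0.2.53"}), frozenset({"NY-Corp"}))
TOKYO = NetworkEnvironment("Tokyo Office Network", frozenset({"198.51.100.1"}),
                           frozenset({"198.51.100.53"}), frozenset({"TYO-Corp"}))
LOCATIONS = {"Office": [NEW_YORK, TOKYO]}

# (policy name, location); None marks a global policy. Names are hypothetical.
POLICIES = [("Baseline firewall", None), ("Office firewall", "Office")]

def resolve_location(observed: dict, locations=LOCATIONS):
    """Return the first location with a matching environment, else None."""
    for location, environments in locations.items():
        if any(env.matches(observed) for env in environments):
            return location
    return None

def effective_policies(observed: dict, policies=POLICIES):
    """Global policies always apply; location-based ones only on a match."""
    location = resolve_location(observed)
    return [name for name, loc in policies if loc is None or loc == location]

# Constructed observations: a desk in the Tokyo office and an airport hotspot.
TOKYO_DESK = {"gateways": frozenset({"198.51.100.1"}),
              "dns_servers": frozenset({"198.51.100.53"}),
              "access_points": frozenset({"TYO-Corp", "Cafe-Guest"})}
AIRPORT = {"gateways": frozenset({"203.0.113.1"}),
           "dns_servers": frozenset({"203.0.113.53"}),
           "access_points": frozenset({"Airport-Free-WiFi"})}

if __name__ == "__main__":
    print(resolve_location(TOKYO_DESK), effective_policies(TOKYO_DESK))
    print(resolve_location(AIRPORT), effective_policies(AIRPORT))
```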

For detailed information on how to create locations, see Creating Locations.