About determining how many sites you need

Article: HOWTO81147  |  Created: 2012-10-24  |  Updated: 2014-09-21  |  Article URL: http://www.symantec.com/docs/HOWTO81147
Article Type: How To



A majority of small and medium-sized organizations need only a single site to centrally manage network security. Since each site has only one database, all data is centrally located.

Even a large organization with a single geographic location typically needs only one site. But for organizations that are too complex to manage centrally, you should use a distributed management architecture with multiple sites.

You should consider multiple sites for any of the following factors:

  • A large number of clients.

  • The number of geographical locations and the type of communications links between them.

  • The number of functional divisions or administrative groups.

  • The number of datacenters. A best practice is to set up one Symantec Endpoint Protection site for each datacenter.

  • How frequently you want to update the content.

  • How much client log data you need to retain, how long you need to retain it, and where it should be stored.

  • A slow WAN link between multiple physical locations with thousands of clients. If you set up a second site with its own management server, you can minimize the client-server traffic over that slow link. With fewer clients, you should use a Group Update Provider.

    See Using Group Update Providers to distribute content to clients.

  • Any miscellaneous corporate management and IT security management considerations that are unique.

Use the following size guidelines to decide how many sites to install:

  • Install as few sites as possible, up to a maximum of 20 sites. You should keep the number of replicated sites under five.

  • Connect up to 10 management servers to a database.

  • Connect up to 45,000 to 50,000 clients to a management server.

After you add a site, you should duplicate site information across multiple sites by replication. Replication is the process of sharing information between databases to ensure that the content is consistent.

Table: Multi-site designs displays the multi-site designs you can choose from.

Table: Multi-site designs

Site design



Each site performs replication bi-directionally for groups and policies, but not logs and content. To view the site reports, you use the console to connect to a management server in the remote site.

Use this design when you do not need immediate access to remote site data.

Centralized logging

All logs are forwarded from the other sites to a central site.

Use this design when you require centralized reporting.

High availability

Each site has multiple management server installations and database clustering. You can configure client computers to automatically switch to an alternative management server if the primary management server becomes unavailable.

Use this design to provide redundancy, failover, and disaster recovery.


When you use replication with an embedded database, Symantec recommends that you do not add load balancing, as data inconsistency and loss may result.

See Setting up failover and load balancing.


Do not add sites to handle additional clients. Instead, you can install two or more management servers and use the management server list.
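
The size guidelines and the two cautions above (replication on an embedded database combined with load balancing, and adding management servers rather than sites for more clients), expressed as a check over a planned layout. This is an added example, not Symantec code: the Site record, its field names, and the choice to warn at 45,000 and fail at 50,000 clients per server are assumptions, and clients are assumed to be spread evenly across a site's management servers.

```python
from dataclasses import dataclass

MAX_SITES = 20                    # "up to a maximum of 20 sites"
MAX_REPLICATED_SITES = 4          # "under five"
MAX_SERVERS_PER_DB = 10           # one database per site
CLIENTS_SOFT, CLIENTS_HARD = 45_000, 50_000  # assumption: low end warns, high end fails

@dataclass
class Site:                       # hypothetical planning record, not an SEPM object
    name: str
    servers: int
    clients: int
    replicated: bool = False
    embedded_db: bool = False
    load_balanced: bool = False

def check_plan(sites):
    """Return (severity, message) findings for a proposed site layout."""
    findings = []
    if len(sites) > MAX_SITES:
        findings.append(("FAIL", f"{len(sites)} sites exceeds the maximum of {MAX_SITES}"))
    replicated = [s for s in sites if s.replicated]
    if len(replicated) > MAX_REPLICATED_SITES:
        findings.append(("WARN", f"{len(replicated)} replicated sites; keep it under five"))
    for s in sites:
        if s.servers < 1:
            findings.append(("FAIL", f"{s.name}: no management server"))
            continue
        if s.servers > MAX_SERVERS_PER_DB:
            findings.append(("FAIL", f"{s.name}: {s.servers} servers on one database"))
        per_server = -(-s.clients // s.servers)   # ceiling division, even spread assumed
        if per_server > CLIENTS_HARD:
            findings.append(("FAIL", f"{s.name}: {per_server} clients per server; "
                                     "add a management server, not a site"))
        elif per_server > CLIENTS_SOFT:
            findings.append(("WARN", f"{s.name}: {per_server} clients per server is near the limit"))
        if s.replicated and s.embedded_db and s.load_balanced:
            findings.append(("WARN", f"{s.name}: replication on an embedded database with "
                                     "load balancing risks data inconsistency and loss"))
    return findings

# Constructed sample plan.
PLAN = [
    Site("HQ", servers=2, clients=96_000, replicated=True),
    Site("Branch", servers=2, clients=101_000, replicated=True,
         embedded_db=True, load_balanced=True),
]
if __name__ == "__main__":
    for severity, message in check_plan(PLAN):
        print(severity, message)
```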

For more information on whether or not to set up replication, see the following knowledge base article: When to use replication with Symantec Endpoint Protection Manager

See How replication works.

See Setting up sites and replication.

See Managing content updates.
