Best Practices for configuring the number of content revisions to keep in Symantec Endpoint Protection Manager

Article:TECH92225  |  Created: 2009-01-05  |  Updated: 2014-09-22  |  Article URL http://www.symantec.com/docs/TECH92225
Article Type
Technical Solution

Product(s)

Issue



What are the best practices for setting the number of content revisions to keep in the Symantec Endpoint Protection Manager (SEPM)?


Solution



For versions of Symantec Endpoint Protection (SEP) earlier than 12.1.5, Symantec Endpoint Protection Manager (SEPM) must have previous content revision downloads in order to create a "delta", or differential, capable of updating a client from its current content version to the most recent version of that content being stored on the SEPM.  The value of deltas is that content revisions are kept to a minimal size as they are sent across the network.

For version 12.1.5, the management server downloads full content only once, at install time. Thereafter, deltas are downloaded, and the latest full content is reconstructed from the reference content version plus forward deltas. If earlier full versions are needed, they are reconstructed from the full content version plus backward deltas.

To determine how many content revisions you should keep consider the following:

  • For the majority of your clients how often do they communicate with their SEPM?
  • Historically, how long have your clients had to go without communication with their SEPM?
  • What disaster recovery scenarios must you consider and of what duration?
     

The number of content revisions to keep should depend on the need to balance network bandwidth usage with the amount of hard drive storage availability on the SEPM. This setting should be made with the specific network environment's requirements and limitations in mind.


Technical Information

To determine how long it will take to perform a content distribution update in a best case scenario, use the following formula of:

 Concurrent Connections x Content Size* ÷ Available Bandwidth  (in KBps) = Content Distribution Time (in seconds)

* Average Content Size = 200 Kb 

The following table assumes that the entire network is dedicated to the update -- that is, all available bandwidth is consumed by the content download, and all clients download content concurrently. A real world scenario would be more complex.


Example of Content Distribution Time with a 200kB update.

Bandwidth

Number of clients

Time

T1 (1.54Mbps, or 192.5 KBps)

 

5,000

15,000

90 minutes

4.5 hours

10 Mbps (1250 KBps)

 

5,000

15,000

14 minutes

40 minutes

100 Mbps (12,500 KBps)

 

5,000

15,000

80 seconds

4 minutes

1 Gbps (125,000 KBps)

 

5,000

15,000

8 seconds

24 seconds

 *Note that latency can also be affected by network utilization and protocol overhead.

 Content Storage 

  • You can configure the number of content revisions to store, at Admin > Servers > Edit Site Properties > LiveUpdate tab > Disk Space Management for Downloads. See the following knowledge base article: http://www.symantec.com/docs/TECH96214
  • A compressed and uncompressed copy of each content version can be kept on SEPM (versions earlier than 12.1.5 only)
  • All deltas from full definitions are kept on SEPM.

 



Legacy ID



2009020514050748


Article URL http://www.symantec.com/docs/TECH92225


Terms of use for this information are found in Legal Notices