The Philosophy of SEPM Replication Setup

Article:TECH93107  |  Created: 2009-01-26  |  Updated: 2012-06-01  |  Article URL http://www.symantec.com/docs/TECH93107
Article Type
Technical Solution


Issue



While setting up a SEPM (Symantec Endpoint Protection Manager) and configuring database replication, customers wish to understand the nature of replication and receive "best practice" advice.


Solution



Q1: What is the maximum number of SEPM's I can have connected to a single data base?
A1: Given the amount of time that it can take for a SEPM to replicate to the database can span several hours, for the greatest flexibility and with the goal of not swamping the database, 3 SEPM's per database has been found to be effective.
Detailed Answer: If it takes the average SEPM 2 hours approximately (No replication event will take exactly the same amount of time as the last one. Each event will vary due to the amount of data collected between events) to dump its data to the database, and the next SEPM is scheduled to dump its data to the database in the following hour, then there will be some overlap. The desired situation is to not have SEPM's overlapping in connecting to the database. So, with 24 hours in the day and that the amount of data generally increases on the SEPM over time, a window of 2 - 3 hours per SEPM results in 3 to 5 SEPM's having enough time to connect to the database without overlapping.

Q2: How long does replication take?
A2: That will depend on the size of the database as well as network links between the sites. You should do a replication and see how long it takes and then schedule your replication based on that time.
Detailed Answer: Ideally, the following items have been reviewed prior to the install of the database and each SEPM:
1. The network links between the SEPM and the data base have been tested for effective performance (Ask about the AppCritical test.) and worked on as required.
2. The individual systems involved (SEPM's and the databases) meet or exceed the system requirements.
3. The NIC's on each system are relatively new and have the newest drivers installed.
After the physical hardware has been reviewed and determined to be performing satisfactorily, as these items can have a significant impact on the amount of time it takes for the replication to be accomplished, then setting up and observing one replication partner will be critical for planning purposes. Once a replication cycle has been observed and how long it takes to accomplish, then effectively scheduling the replication for each SEPM, without overlap, can be accomplished. See Q3 below for additional detail.

Q3: What data is replicated?
A3: Policies, clients, and groups always get replicated. Logs ("Replicate logs from the local site to this partner site"), and packages and definitions ("Replicate client packages and LiveUpdate content between the local site and the partner site") are optional. Also the initial replication will replicate the entire database, and then subsequent replications will only replicate changed data based on the USN number in the database and the items selected.

 




Legacy ID



2009032606482648


Article URL http://www.symantec.com/docs/TECH93107


Terms of use for this information are found in Legal Notices