Implementation approach for Symantec Endpoint Protection
We will consider a scenario in which we have one central site and, let's say, 25 sites across the globe with more than 25000 clients.
The main purpose of the document is to decide how to go about implementing different sites without affecting the bandwidth.
Scenarios:
1. How are clients being managed?
2. How are we planning to distribute the virus definition updates?
Let's take up one scenario at a time.
- How are clients being managed?
We have a central site and 25 other sites, with clients dispersed across the globe. There are two sub-scenarios here.
Scenario 1: - All the clients are managed centrally.
To make this work we need to configure failover and load balancing so that we don't have a single point of failure, which we don't want in any situation.
The clients will communicate with the central location from across the globe, which will consume bandwidth to a great extent, because definition updates and client policy updates will come from the central location. Also, when an upgrade has to be done on the network, the auto-upgrade schedule will take the update from the central server.
The solution to the above-mentioned problem is to configure a group update provider for each site. The group update provider will take definition updates from SEPM and will provide them to the clients at its own site.
However, product upgrades need to be managed manually: the package is created, distributed to the respective sites, and deployed to all the clients by the administrator managing each remote site.
Scenario 2: - Clients are managed by each site locally and the logs are replicated to central location.
The clients would connect to the manager located at their own site and take policies and definition updates from it. In turn, all the sites would replicate with the manager at the central location. The replication partners need to be scheduled so that no replication processes overlap each other. If an overlap occurs, there is a chance that the database might get corrupted or that replication may fail at some sites.
Logs can be replicated either one way, from remote site to local site, or both ways, from remote to local and local to remote. The group structure and policies are replicated by default; they cannot be excluded.
LiveUpdate content can also be replicated from the central site to the remote sites. In this situation the central site will download the definitions and distribute them to the remote sites at the time of replication. However, if the bandwidth between two sites is low, we can exclude LiveUpdate content from replication.
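One way to plan the non-overlapping replication schedule described above, as an added example that is not part of the original document and uses no SEPM API. The site names, per-site durations, the 5-minute gap and the 8-hour window are constructed assumptions; real durations would come from your own replication logs.

```python
from datetime import datetime, timedelta

# Constructed sample data: 25 remote sites with an assumed replication
# duration in minutes (10 to 18 minutes each, 350 minutes in total).
SITE_DURATIONS_MIN = {f"site-{i:02d}": 10 + (i % 5) * 2 for i in range(1, 26)}

def build_schedule(durations_min, window_start, window_minutes, gap_min=5):
    """Give every site its own slot, one after another, inside the window.

    Returns a list of (site, start, end). Raises ValueError when the sites
    cannot all replicate inside the window without overlapping.
    """
    window_end = window_start + timedelta(minutes=window_minutes)
    cursor = window_start
    slots = []
    # Longest replications first, so the heaviest sites get the earliest slots.
    for site, dur in sorted(durations_min.items(), key=lambda kv: (-kv[1], kv[0])):
        end = cursor + timedelta(minutes=dur)
        if end > window_end:
            raise ValueError(f"{site} does not fit in the replication window")
        slots.append((site, cursor, end))
        cursor = end + timedelta(minutes=gap_min)  # safety gap between partners
    return slots

def find_overlaps(slots):
    """Audit a schedule: report (earlier_site, later_site) for every slot
    that starts before an earlier slot has finished."""
    overlaps = []
    latest = None  # slot with the latest end time seen so far
    for slot in sorted(slots, key=lambda s: s[1]):
        if latest is not None and slot[1] < latest[2]:
            overlaps.append((latest[0], slot[0]))
        if latest is None or slot[2] > latest[2]:
            latest = slot
    return overlaps

if __name__ == "__main__":
    start = datetime(2024, 1, 1, 22, 0)  # constructed: window opens at 22:00
    plan = build_schedule(SITE_DURATIONS_MIN, start, window_minutes=480)
    for site, begin, end in plan:
        print(f"{site}  {begin:%H:%M} - {end:%H:%M}")
    print("overlaps:", find_overlaps(plan))
```

The same find_overlaps check can be run against the start times and observed durations of an existing schedule before a new replication partner is added.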
- How are we planning to distribute the virus definition updates?
Distribution of content is one of the most important considerations. There are four different ways in which we can distribute definitions to the clients.
- Group update provider.
Promote a group update provider (GUP) server for each location. The GUP server will take updates from the manager and distribute them to the clients. The GUP server should run a server operating system, because a Windows XP machine is limited to 10 concurrent connections.
- LiveUpdate Administrator.
LiveUpdate Administrator will download definitions from the internet and distribute them to all the clients. We can configure distribution points which will be responsible for downloading definitions from the central LiveUpdate Administrator.
- Update through Symantec Endpoint Protection Manager.
Clients will connect to the manager of their respective site and take updates from it. The manager can download definitions from the internet, get them from LiveUpdate Administrator, or receive them from a replication partner.
- Through the Symantec LiveUpdate server.
We can allow all the clients to download definitions from the internet.
NOTE: By writing this document I have tried to provide a framework which can be used while designing an implementation approach for your network.