Updated on 8th July'15
Replication enables data to be duplicated between databases one separate sites so that both databases contain the same information. If one database fails, you can manage the entire site by using the information on the database from another site.
A partner is a management server on another site with a different database and management servers. A site may have as many partners as needed. Each partner, or remote site, connects to the main site or local site, which is the site that you are logged on to. All sites that are set up as partners are considered to be on the same site farm.
Each site you replicate data with is either a replication partner or a site partner. Both replication partners and site partners use multiple servers, but the database they use and the way they communicate is different:
If you have a legacy Symantec Endpoint Protection 11.0 site in which you use replication, you must turn off replication before you upgrade. Due to a database schema mismatch, the replication of data between legacy and updated databases during or after the upgrade corrupts the database. You must turn off replication at each site that replicates. You must log on to and turn off replication at a minimum of two sites.
Note: SEP 11 version is now End of Life (EOL)
Symantec Endpoint Protection 12.1 and later does not require that you turn off replication before you upgrade. Symantec Endpoint Protection 12.1 and later does not allow replication if the database schema versions do not match
Replication : Replication is duplication of Records
* Replication causes data to be transferred or forwarded to another SEPM.
* A replication partner is a SEPM that is part of another site.
* Sites can have multiple replications partner.
* Changes made on any partner are replicated to all sites.
* Policies and groups are replicated.
* Replication between any supported version of SQL and Embedded database is supported.
Considerations: Before setting up replication.
1. Minimise number of Sites - Ideally below 5
2. Network Bandwidth and Link
3. Network Latency.
4. Database Size on the Primary site.
5. If any Firewall, Proxy, Router, etc. exists between 2 sites.
6. Does these Firewall or Routers have packet scanning mechanism built in, as this can strip the zip file that is passed on the link.
Considerations: Adding a new Site to an existing replication partner.
1. Make sure the replication Schedule is not set to “Automatic”.
2. Make sure Liveupdate schedule is NOT set to “Continuous” or “Every 4 hours” & Replication should not overlap with scheduled Liveupdate session.
3. Lower the count of Content revisions in the Liveupdate settings.
4. Purge SEPM Logs.
5. Symantec strongly recommends that you do not exceed 10
Database supported for SQL:
1. Sybase adaptive server anywhere (ASA) 9.0
2. Microsoft SQL 2000 Server with SP4
3. Microsoft SQL 2005 Server with SP2
4. Microsoft SQL 2008 Server (RU5 onwards)
1. For more than 3 sites or 1,000 clients: No more frequent than once per day
2. Versions of the Policy Manager have to be the same.
3. Replication schedules should not overlap.
4. If replicating over WAN, only replicate the logs.
5. Number of replicated sites should ideally be kept below 5. Ratio will be 1:4 ( i.e 1 primary : 4 seconday )
6. The value of “Content revisions to keep” should be set to a lower value.
7. If you have configured multiple replication partner then always make sure that the replication schedules won't overlap .This situation can lead to Database Deadlock issues.
8. Delete Replication Partners when
1.Upgrading the Policy Manager.
2.If any CRT Approved tools need to executed.
3.Software / Hardware maintenance on the Policy Manager.
4.Backing up database manually.
Information that need to be gathered for troubleshooting:
1. Gather Tomcat logs from both the sites.
2. Gather Tomcat logs from Site 1 and “Install Error” logs from New Site, if the initial replication fails.
3. IP Addresses and Server Names.
4. Database Backup (SQL server or Embedded database).
5. Wireshark logs to check for network issues.
6. SEP Support tool logs from all the sites. A full data grab is needed.
Replication initiate if there is any change in USN number
USN stand for Update Sequence Number.
Every record in the database is associated with a USN.
USN is incremented/updated every time there is a change in the records.
Data comparison happens on the basis of the USN.
The USN defines whether a record is to be Added or Modified.
Note : If you wish to move SEPM from one machine to another with the help of replication, Replication is an option, decide whether to go or not.Beacuse if you do replication and remove the old server that is the Primary SEPM , in future if you want to do replication you will not be able to do so.
You will have to break the replication between SEPM's before doing an upgrade.
SEP 12.1 Replication Advantage :
Eliminates cross version replication corruption
Few helpful links :
How replication works
Managing sites and replication
Adding a replication partner
Changing the automatic replication schedule
Turning on replication after migration or upgrade
Turning off replication before migration
Determining how many sites you need
Adding replication partner fails, but it still shows up in the Symantec Endpoint Protection Manager console
Replication error when deleting and restoring replication partner during replication
How to install the Symantec Endpoint Protection Manager(s) for replication
How to configure the replication schedule for Symantec Endpoint Protection Manager (SEPM)
How to add an additional site to configure replication for Symantec Endpoint Protection Manager (SEPM) using an Embedded Database
How to change the host name of the servers running Symantec Endpoint Protection Manager with a replication partner?
Does Symantec Endpoint Protection Manager support replication between sites running different versions?
How to Perform Offline Replication between 2 Remote Sites when normal replication is failing due to Bandwidth Issues.
Turning on replication after migration or upgrade