Video Screencast Help

Tips For Installing SEP In A Low Bandwidth Environment

Created: 08 Feb 2010 • Updated: 01 Nov 2010 | 25 comments
Language Translations
AravindKM's picture
+29 29 Votes
Login to vote

 

1) Keep the Heart Beat intervals to 1 hour and randomize it for 5 Minute .Also keep it in pull mode (Clients----> < The group which the clients reside>---->Policies (Right side)--- >Communication Settings)
Refer the below figure

COMMUNICATION.JPG
  2)Keep the liveupdate frequency as daily and schedule it..Symantec will release multiple updates in a day. So if we select a low frequency it will download more revisions and will cause more load on the network.(Admin ---->Servers--->local site---->edit site properties---->liveupdate )
Refer the below figure

DOWN.JPG
3)Use GUP for the virus definition Distribution .Ensure that you are using MR4 or later (Both in SEPM and in all the clients.).RU5 is recommendable
 Symantec Endpoint Protection 11.0 Group Update Provider (GUP) 

4)Enable bandwidth throttling for the GUP

How to configure GUP bandwidth throttling in Symantec Endpoint Protection 11.0 MR4?
  For RU5 you can do this in the GUI of SEPM.(LU policy --->server settings--->Group update provider). Refer the below figures .
gup2.JPG
 

gup4.JPGgup4.JPGgup4.JPG
Then assign it to the groups.
gup4.JPG

5)Update the Installation Package before installing the SEP client .This will reduce the initial download update size.
How to deploy the Symantec Endpoint Protection (SEP) client Release Update 5 or later with current virus definitions and intrusion prevention signatures.

 
 6)Keep the no. of revision as 30.It will ensure that if a PC is connecting at least once in a 30 days also it will download only delta updates.(If  a client is not connecting to SEPM Day by day the delta size will go up). Refer the below figure.
revision1.JPG

 
 7)If you want you can control the bandwidth of SEPM, But be careful while doing this because it may affect the clients communication badly.
 Adjust the maximum bandwidth setting in IIS to a value that is less than the slowest WAN connection.

 Configure IIS Performance Options:

Click Start, point to Administrative Tools, then click Internet Information Services (IIS) Manager.
Click to expand Server Name, then click to expand Web Sites.
Right-click the web site that is hosting the Endpoint Protection Manager content (either Default Web Site or Symantec Web Server), then click Properties.
Click the Performance tab.

 Limit bandwidth usage in one of two ways:

i)Adjust Bandwidth throttling.

Click to select the Limit the network bandwidth available to this Web site check-box.
Adjust the Maximum bandwidth setting to total less than the slowest network link.
Click Apply to save changes.

Refer the below figure

 iis5.JPG

ii)Modify the total number of web site connections:

Click Connections limited to.
Adjust the total number of connections allowed to this website to alleviate bandwidth usage issues while still maintaining functionality.
Click Apply to save changes.

Refer the below figure

 iis6.JPG

Note: when setting max connections for the site make sure to include enough connections to allow the manager to function as well (The SEPM- Console uses 3 connections when open).

Note: If the SEPM is installed to the default web site it is possible that connectivity to other content within that site will become unavailable until a connection is released for use.
 

8) If you are having more clients in remote location and you do not want to mange centrally, Install individual SEPMs in each location and configure one central LUA point the SEPMs to download the updates
Installation and configuration of LUA
Installing and configuring LiveUpdate Administrator 2.x
For pointing to LUA refer below figures
point5.JPG

point3.JPG

For more information regarding the bandwidth usage of a client refer below article.
How much bandwidth is used by a SEP Client in One day ?

 

9)f you want to manage the policies centrally  do as follows
How to Perform Offline Replication between 2 Remote Sites when normal replication is failing due to Bandwidth Issues.

and configure one central LUA point the SEPMs to download the updates

Make the following changes in the replication partner properties after doing the replication

Uncheck the logs, Content and Client packages replication. Schedule the replication time to off business hours. Refer the below figure.
repl.JPG

For pointing to LUA refer below figures
point5.JPG
point3.JPG
For more information regarding the bandwidth usage of a client refer below article.

How much bandwidth is used by a SEP Client in One day ?

Note: Minimize the number of replication partners to reduce the complexity...

Comments 25 CommentsJump to latest comment

Symantec World's picture

Great Article.

Very helpful.

Regards, M.R

+1
Login to vote
Vikram Kumar-SAV to SEP's picture

 Very Informative article.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

+1
Login to vote
AravindKM's picture

Thank you for the comments.. 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
banky's picture

Very nice and helpful article, AravindKM.

May I suggest only one thing : use "computer mode" for distant clients when you are using a link which is prone to failure (as ours).
When freshly installed and regularly, distant clients open communication with SEPM ; and if link is not reliable enough ; they tend to appear on default group not in the right one. Moving distant clients to the right group won't cause much trouble when using "computer mode".

Banky

+1
Login to vote
Aniket Amdekar's picture

Very informative article.

0
Login to vote
jayancharles's picture

Hi Aravind what ya its great......I know  very well about symantec its over show.

0
Login to vote
jayancharles's picture

Sthen i gave one pont to u enjoy it..........

0
Login to vote
Raghav_KBL's picture

Dear Aravind,

Very good article and good resource for new SEPM implementers.

Thanks
Raghav

0
Login to vote
Wayne Sheldon's picture

Great article - really like all the screen shots high lighting the fields.
I'm reading thru all the related articles as well.
We use GUP's already but MR5 has new options which I need to understand.

0
Login to vote
AravindKM's picture

Have a look in this article
Whats new in Group Update Providers in RU5 release of Symantec Endpoint Protection 11.0

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
P_K_'s picture

Good one Aravind 

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

0
Login to vote
AravindKM's picture

Thank you for all your comments.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
Optimus Prime's picture

so helpful and very interesting..thank you for creating this one.

;-)

0
Login to vote
SymSEP's picture

great collection of screen shots

0
Login to vote
mon_raralio's picture

Any idea on deployment and upgrade on low bandwidth environments?

The article is generally for definition updates.

“Your most unhappy customers are your greatest source of learning.”

+1
Login to vote
geva's picture

I have been working on this same issue.

I'm somewhat against the idea of manual upgrades, so I'm looking at package deployment.  This however brings a bunch of challenges into SEP/SEPM.

The following article describes deploying packages to remote sites using IIS.  If you use DNS to provide an IP address of an IIS server per site when a common hostname is queried, you could have this deployed package be retrieved locally from the SEP clients.

https://www-secure.symantec.com/connect/articles/h...

My plans are to implement the above on the sites GUPs, and then use a scheduled RoboCopy task to ensure that the IIS content folders are kept up to date on the various site servers.

Greg

+1
Login to vote
Gerald Selvaraj David's picture

Good tips for Bandwidth reducation in the Environment need to follow and read all the links available .

Thanks People

0
Login to vote
geva's picture

As a follow up to the implementation that I was doing, I have found that bandwidth throttling between GUPs and the central management server may not work as intended.  I would thusly suggest not using this, and if required, look at using IIS bandwidth throttling instead.

After working with Symantec support for many days without resolution as to why the clients were not getting any updates, I finally just disabled bandwidth throttling and everything started working normally.

+1
Login to vote
leonhomar's picture

Very good article!

 

congratulations..

Leon Homar

0
Login to vote
dbamberg's picture

Wow.  Thanks for the detailed explanation

0
Login to vote
danluman's picture

Excelente articulo! Muchas gracias por compartir esto.

0
Login to vote
USECredit's picture

What would be a good definition of "low bandwidth environment" ?

Remote dial-up users? 128k ISDN line? My company has 5 remote sites, existing as subnets & their own router, and with either a 1.5 or 3.0 MPLS connections (or T1 in one case I think).

Something seems to cause us periodic bandwidth freak-outs, and Symantec often gets blamed.

0
Login to vote
geva's picture

For me, "low bandwidth environment" is completely relative.  Some have access to pipes and budgets that many around the world do not.  Also, depending on what is already being pushed through those pipes and how reliant on them you are will make any potential bandwidth hogs that much more of a problem.

I had major bandwidth problems at a client which I spent months troubleshooting.  They were running a WAN over VPN tunnles on DSL connections in a star topology.  Although the download potentials of the connections were sufficient for their needs, the upload limit of the center node (head office) was ADSL and peaked out at around 70KB/s.  When the SEP clients would all start grabbing updates from the central server it would bring all head office communication to a crawl for a few hours a day.  Once I setup GUPs in the remote offices this meant only two systems were pulling from head office, however during weeks where there were many Symantec updates we could still see multiple days where over 400Mb of Symantec traffice was being generated.  The solution was to max out the number of versions of updates that are kept, as the more and older versions exist, there are more options to grab a delta differential update file from before sending it out over the WAN (sadly this option consumes many gigabytes of disk space).

For me it is really about bandwidth optimization.  Even on your nice MPLS/T1 connections, if you are using default settings for SEP/SEPM, all remote systems will EACH be downloading updates from your main server when updates are available.  Also, I think number of old versions of updates is set to something like 6, so any machine that has not been updated in the past week which tries to grab an update needs to download the WHOLE package which is over 200Mb if I recall correctly.

In my opinion, Symantec may or may not be the cause of the problem, but they do not optimize WAN traffic at all, and are notorious for having bloated software.  They are at least part of the problem.  I would suggest the following:

  1. Up your number of update revisions to keep to 16 or more
  2. I think you also need to keep these updates in uncompressed form in order for the delta update file creation to work (re-read this article)
  3. Implement/assign at least one GUP in each location (updates sent to branch once, distributed from there)
  4. Install NetLimiter Monitor (or buy it) on your SEPM and watch the process bandwidth use to the Internet zone (be aware installation requires a reboot)

Hope this helps.  NetLimiter is how I identified SEP as the culprit.  Note that the Symantec services download from IIS, so you'll probably see it as web traffic.

+1
Login to vote