
Configuring 2 SEPMs with embedded DB

Updated: 28 Feb 2012 | 12 comments
Brian81 | 0 Votes
This issue has been solved. See solution.

I have 2 SEPMs but no SQL db so I have to go with the embedded database. Is it possible to configure both for failover/load balancing or should I just make each one separate since there is no SQL db to utilize? I should also mention they are located on a different continent.

Comments

Chetan Savade | 14 Dec 2011 | 2 Votes

Hi,

Failover and load balancing installations are supported only when the original Symantec Endpoint Protection Manager uses Microsoft SQL Server.

Just make each one separate, since there is no SQL db to utilize, OR you can do replication if possible. (The SEP 11.x embedded database supports 5000 clients and the SEP 12.1 embedded database supports up to 8000 clients.)

Check the following public KBs for more details:

About installing and configuring the Symantec Endpoint Protection Manager for failover or load balancing

Installing a management server for failover or load balancing

I hope it will help you!!!

Thanks and Regards, 

Chetan Savade

Technical Support Analyst,

End Point Security, Enterprise Technical Support

Mithun Sanghavi | 14 Dec 2011 | 0 Votes

A concern

Hello,

It could be a concern when you have sites across Continents with Embedded Database. 

I agree with Chetan above.

Failover and load balancing configurations are supported in Microsoft SQL Server installations only. Failover configurations are used to maintain communication when clients cannot communicate with a Symantec Endpoint Protection Manager. Load balancing is used to distribute client management between management servers. You can configure failover and load balancing by assigning priorities to management servers in Management Server lists.

See About failover and load balancing.

In fact, replication in your case could help with 2 SEPMs on Embedded Database.

Also, check these 2 threads:

https://www-secure.symantec.com/connect/forums/replication-between-2-sites-embedded-databases

https://www-secure.symantec.com/connect/forums/sepm-failoverloadbalancing-embeded-database

Again, since they are in 2 different Continents, make sure you have enough Bandwidth between sites.

Hope this helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3

Follow me on Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo

Brian81 | 14 Dec 2011 | 0 Votes

So replication will work but not failover/load balancing?

Chetan Savade | 14 Dec 2011 | 0 Votes

Yes, Replication will work but not failover/load balancing.

While setting up replication, follow best practice.

Thanks and Regards, 

Chetan Savade

Technical Support Analyst,

End Point Security, Enterprise Technical Support

Brian81 | 14 Dec 2011 | 0 Votes

Is there a KB on setting up replication?

Do I need to create 2 different install packages? One from each SEPM? Or can I use 1?

Mithun Sanghavi | 14 Dec 2011 | 2 Votes

Check this Article

Hello,

Check this article (it gives you in-depth knowledge):

Managing sites and replication
 
 
Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3


Brian81 | 14 Dec 2011 | 0 Votes

Thanks, this helps.

What about install packages? Do I need a separate one for each SEPM?

Mithun Sanghavi | 14 Dec 2011 | 0 Votes

Understanding.

Hello,

In case of the installation package for SEPM, you could use the same installation.

However, in terms of client packages, you would have to create custom packages on each site, as the SEPMs would differ, and it also depends on where you would like to have the clients report to.

MSL (in replication) also plays a major role for these clients to report to the correct SEPM.

I would recommend a must-read of the article provided above.

You could also watch videos on Replication and Load Balancing / Failover. (Note: These videos are for SEP v. 11.x. However, the principles remain the same in 11.x and SEP 12.1 versions.)

Load Balancing and Fail Over

https://www-secure.symantec.com/connect/videos/load-balancing-and-fail-over

Replication Concepts and Configuration

https://www-secure.symantec.com/connect/videos/replication-concepts-and-configuration

 

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3


Chetan Savade | 14 Dec 2011 | 1 Vote

Hi Brian81,

For replication, the base rule is that both SEPMs must have the same version.

If they have the same version, they would have the same packages.

However, when you do replication, you have an option whether you want to replicate packages or not.

How to install the Symantec Endpoint Protection Manager(s) for replication: http://www.symantec.com/docs/TECH105928

How to configure the replication schedule for Symantec Endpoint Protection Manager (SEPM): http://www.symantec.com/docs/TECH104454

How to add an additional site to configure replication for Symantec Endpoint Protection Manager (SEPM) using an Embedded Database: http://www.symantec.com/docs/TECH104455

I hope it will help you!!

Thanks and Regards, 

Chetan Savade

Technical Support Analyst,

End Point Security, Enterprise Technical Support

Brian81 | 14 Dec 2011 | 0 Votes

Thanks, that helps. I'll report back when I get this straightened out.

Mohankumar | 14 Dec 2011 | 0 Votes

Configuring 2 SEPMs with embedded DB

Hello,

Configuring 2 SEPMs with embedded DB is possible.

Follow the steps below to add a replication partner

  1. On the machine you wish to be a replication partner, install Symantec Endpoint Protection Manager.
  2. In the Management Server Configuration Wizard panel, choose Advanced rather than Simple.
  3. Select the number of clients you expect the server to manage, and then click Next.
    Note: This panel is displayed only when installing the Symantec Endpoint Protection Manager on the computer for the first time.
  4. Check Install an additional site, and then click Next.
  5. In the Server Information panel, accept or change the default values, and then click Next.
  6. Accept or change the name in the Site Name box, and then click Next.
  7. In the Replication Information panel, type values in the following boxes:

    Replication Server Name: The name or IP address of the remote Symantec Endpoint Protection Manager
    Replication Server Port: The default value is 8443
    Administrator Name: The account name that is used to log on to the console with administrator user rights
    Password: Provide a password that is associated with the Administrator Name that is specified
     

  8. Click Next.
  9. In the Certificate Warning dialog box, click Yes.
  10. In the Database Server Choice panel, choose one of the following and click Next:

    Embedded Database
    Microsoft SQL Server
     

  11. If you chose Embedded Database in the above step, then continue with these steps. If you chose Microsoft SQL Server, move to step 14.
  12. In the admin user panel, provide and confirm a password for the admin account. Optionally, provide an administrator email address.
  13. Move to step 19.
  14. Do one of the following:

    If the database does not exist, check Create a new database (recommended).
    If the database exists, check Use an existing database.

    An existing database must define file groups PRIMARY, FG_CONTENT, FG_LOGINFO, FG_RPTINFO, and FG_INDEX. The user account for database access must have privileges db_ddladmin, db_datareader, and db_datawriter.

    If these requirements are not met, your installation fails. A best practice is to define a new database.
     

  15. Click Next.
  16. In the Microsoft SQL Server Information panel, type your values for the following boxes:

    Database server

    If you created a new instance, the format is servername_or_IPaddress\instance_name.

    SQL server port
    Database name
    User
    Password
    Confirm password (only when creating a new database)
    SQL Client folder
    DBA user (only when creating a new database)
    DBA password (only when creating a new database)
    Database data folder
     

  17. Click Next.
  18. Provide and confirm a password for the admin account. Optionally, provide an administrator email address.
  19. Click Next.

Configuring the Symantec Endpoint Protection Manager for replication

You use the Symantec Endpoint Protection Manager Console to configure servers for replication. The administrator logon credentials are the credentials that are used at the first site that you specify for replication.

To configure the Symantec Endpoint Protection Manager for replication
 

  1. On the computer on which you installed the Symantec Endpoint Protection Manager as an additional site, log on to the Symantec Endpoint Protection Manager console.
  2. In the console, click Admin, and then click Servers.
  3. Under View Server, expand Local Site, expand Replication Partner, right-click Site <remote_host>, and then click Edit Properties.
  4. In the Replication Partner Properties dialog box, set the options that you want for logs, packages, and replication frequency, and then click OK.

    Refer to context-sensitive Help and the Administration Guide for Symantec Endpoint Protection and Symantec Network Access Control for details about these settings.
     

  5. Right-click Site <remote_host>, and then click Replicate Now.
  6. Click Yes.
  7. Click OK.

To add a replication partner when a site has already been replicated using the above steps

  1. Log in to the Symantec Endpoint Protection Manager console.
  2. Click the Admin tab. Under "View Servers", select a site.
  3. Under "Tasks", click Add Replication Partner. The Add Replication Partner wizard appears.
  4. Click Next on the "Welcome panel", and then enter the <ip address> or <host name> of the server that you wish to add as a replication partner.
  5. Enter the <port number>  and the administrator's user name and password for the remote server on which you installed the SEPM.
    Note: The default setting for the remote server port is 8443.

     

  6. Click Next to invoke the "Schedule Replication" dialog box.
  7. Disable "Autoreplicate" to set up a custom schedule for replication:
    • Select the hourly, daily, or weekly Replication Frequency.
    • Select the specific day during which you want replication to occur in the Day of Week list to set up a weekly schedule.
       
  8. Click Next when the replication schedule is configured as desired.
  9. Click Yes or No depending on whether or not you want to replicate logs.
    Note: The default setting is No.

     

  10. Click Next and then click Finish. The replication partner site is added under Replication Partners on the Admin page.

For more details, check the Symantec KB.
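The existing-database requirements quoted in step 14 of the post above (the five file groups and the three database roles) can be checked with a read-only query before the wizard is run. This is an added example, not part of the original post or of Symantec's documentation; the database name `SEPM_DB_PLACEHOLDER` and the user `sepm_user_placeholder` are placeholders.

```sql
-- Added example: read-only pre-check of an existing SQL Server database
-- against the requirements listed in step 14.
-- [SEPM_DB_PLACEHOLDER] and 'sepm_user_placeholder' are placeholders.
USE [SEPM_DB_PLACEHOLDER];

-- Name of the database user (not the server login) used for database access.
DECLARE @db_user sysname = N'sepm_user_placeholder';

-- 1. Required file groups that are missing (no rows = requirement met).
SELECT req.name AS missing_filegroup
FROM (VALUES (N'PRIMARY'), (N'FG_CONTENT'), (N'FG_LOGINFO'),
             (N'FG_RPTINFO'), (N'FG_INDEX')) AS req(name)
LEFT JOIN sys.filegroups AS fg ON fg.name = req.name
WHERE fg.name IS NULL;

-- 2. Required roles the user is not a direct member of (no rows = met).
--    Membership inherited through another role is not followed here.
SELECT req.name AS missing_role
FROM (VALUES (N'db_ddladmin'), (N'db_datareader'), (N'db_datawriter')) AS req(name)
WHERE NOT EXISTS (
    SELECT 1
    FROM sys.database_role_members AS m
    JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
    JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
    WHERE r.name = req.name AND u.name = @db_user
);

-- 3. Roles held beyond the three listed, to review against least privilege.
SELECT r.name AS additional_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = @db_user
  AND r.name NOT IN (N'db_ddladmin', N'db_datareader', N'db_datawriter');
```

Empty results from the first two queries mean the stated requirements are met; any rows from the third are worth reviewing before the account is handed to the installer.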

AvinashBharatharaj | 17 Jan 2012 | 0 Votes

Hello Brian,

Please note that replication cannot be done between two set SEPMs. Replication creates a mirror image of the Primary SEPM to the secondary. Hence, in your case, the clients on one of the SEPMs would not report to any SEPM.

Procedures that you could follow are:

1. Have all the clients reporting to 1 SEPM (note that the bandwidth usage would be very high if no GUPS are used)

2. Uninstall 2nd SEPM and reinstall it as a replication partner

3. Have the MSL pointing to the correct groups so that the clients report accordingly.

Option 2.

1. Uninstall 2nd SEPM and reinstall it as a replication partner

2. Have the MSL pointing to the correct groups so that the clients report accordingly.

3. Reconnect the clients to the 2nd SEPM

 

After a replication is done, the install packages need to be created only from one SEPM, for a particular group (group A would have the clients reporting to SEPM A and group B would have the clients reporting to SEPM B).