Endpoint Protection

Hello - Currently we have 5 locations, each with a SEP Manager. From there they monitor servers/computers at that particular location. They do not replicate. We're looking into different ways of management for this. I'm mainly looking for pros/cons if we were to have one management server at our main location.. and how I would go about migrating everything over. 

Single Parent Server

5 locations (WAN Traffic for scanning/updating)

Pros/Cons

A little bit about the environment:

All locations are on Comcast Businesses. 

3 locations are on version 11.0.6

2 locations are on version 12.1.4

Mixture between 2003 R2 and 2008 R2 (I can create the main parent server to be on 2008 R2)

User work stations are mostly Win7 pro now, but we still have a handful of XP machines. 

I've ready these articles:

About installing multiple instances of Symantec Endpoint Protection Manager

http://www.symantec.com/docs/HOWTO26811

About Load Balancing and Failover Clustering in Symantec Endpoint Protection 11.0

http://www.symantec.com/docs/TECH104519

The Philosophy of SEPM Replication Setup:

http://www.symantec.com/docs/TECH93107

About installing and configuring Symantec Endpoint Protection Manager for replication

http://www.symantec.com/docs/HOWTO26797

Symantec Endpoint Protection Sizing and Scalability Best Practices White Paper

http://www.symantec.com/docs/DOC4448

Just looking to get some direction if it's better to just update our current versions and keep a parent server at each remote site or just consolidate into one parent server here at the main office.

Thanks in advance. 

The easiest way would be to build one SEPM (latest 12.1.4) in a central location and replace the sylink on all the clients to get them into the new SEPM. From there you can upgrade clients to the latest version. However, you will lose all the logs of the other SEPMs.

You could setup replication between them all to move everything over as well. You will be able to get any logs as well. I believe the max amount of SEPMs for replicating is 5 so you are at the limit.

Hello,

main pros/cons:

- 1 central SEPM is much easier to manage (all clients, policies, logs, etc in a single place)

- the central SEPM should have better hardware to accept more load

- because you don't use replication, now you don't have SEP traffic between the locations, you will have it when all clients will connect to the single SEPM (you will need to set GUPs up)

- bigger central DB (if you will end up with more than 5,000 clients, you should use MS SQL Server instead of the embedded DB)

- with one only SEPM, you need to enforce your fail over and disaster recovery procedures since any issue on it will impact on bigger set of clients

how to:

if in total you have less than 5,000 clients:

- ensure the central SEPM (new or existing one) is in good shape (good hardware, OS patched, etc.)

- deploy the sylink.xml to all remote clients

- decomission the other SEPMs. You can manually export most of the policies from old SEPMs and import them into the central one.

- Set up regular DB or system backups to be ready in case of disasters.

If you have more than 5,000 clients:

- migrate or set up your central SEPM to use SQL Server DB

- you may connect more than one SEPM to the same SQL DB, hence better load balancing

- deploy the sylink.xml to all remote clients

- decomission the other SEPMs. You can manually export most of the policies from old SEPMs and import them into the central one.

- Set up regular DB or system backups to be ready in case of disasters

There might be some variations depending on some other details and needs of yours but, overall, the above procedure should be good for you.