Endpoint Protection

Hello,

I am working on the designing of Symantec Endpoint Security for 80,000 clients/nodes for multi-site architecture. I have read all the articles and whitepapers regarding best practices and installation guide for SEPM 12.x.

--------------------------------------------------|

Design Perspective

--------------------------------------------------|

I have choosen the HA design methodology for multi-site architecture. For the sake of understanding, lets assume:

=> One data center at Corp. Office having 20,000 clients/nodes.

=> 4 remote sites having 15,000 clients/nodes per site.

However I have certain ambiguity regarding the calcuation of database size, content distribution and hearbeat. I have gone through all the calculated values resulted from the formulas but i could not end up with the accurate values. Can anyone please share his knowledge about the formulas to calculate:

1. Size of the database for SEPM and Live Update Server

2. Content distribution time

3. Heart Beat or Polling Interval

4. Bandwidth Requirement

 

P.S - I have gone through the excel sheet shared on the symatec forum for database sizing but its according to the SEP 11.0 not the latest version.

 

Your help would be highly appreciated.

 

Thanks and Regards

Muhammad Majid

Hello,

Incase, you are in the Planning stage of SEPM and it's Architecture in your Environment, this Article would surely assist you:

Getting up and running on Symantec Endpoint Protection for the first time

http://www.symantec.com/docs/HOWTO55274

Symantec Endpoint Protection Sizing and Scalability Best Practices White Paper

http://www.symantec.com/docs/DOC4448

Planning the installation http://www.symantec.com/docs/HOWTO55061

Network architecture considerations http://www.symantec.com/docs/HOWTO55114

Hope that helps!!

Check the Excel sheet

as per Paul

The Excel hasnt changed, it should be able to give you relatively accurate results for SEP12 too.

https://www-secure.symantec.com/connect/forums/sizing-db-sep-121

Thank you for your prompt responses.

@ Mithun I have undergone all the documents you have mentioned but there are no formulas for the calculation of bandwidth requirement, database sizing and hearbeat interval calculation. There are only the tables that are mentioned with the values which are tested in the controlled environment. If you can assist me with any kind of formulas for the aformentioned requirements, it would be of great help.

 

@ Rafeeq thanks for the link, I have downloaded the excel file to calculate the database sizing and I am working on it to update it for SEP 12.x version.

 

Thanks and Regards

Muhammad Majid

This will be the load on your network for LU based on heartbeat

https://www-secure.symantec.com/connect/articles/how-much-bandwidth-used-sep-client-one-day

You need to consider GuP as you have a huge environment

http://www.symantec.com/business/support/index?page=content&id=TECH102541

Hi

To be honest. If you are going to design such a large environment you should ask your symantec rep to set you in contact with an Authorized Symantec Consultant Partner in your region. They will help you with design and best practises. There are quite a few barriers you have to cross that you need first hand experience to deal with.

Torb

Thank you the links you have provided are of great help. I am looking into it for calculations.

As you have recommended GUP instead of Live Update Server for my environment. I have choosen this because of the fact that GUP can only support 10,000 clients (As per written in the white paper - Sizing and Scalability Best Practices_ v2.3) and for the clients more than 10,000 we have to either consider additional GUP or SEPM or Live Update Server. Therefore I opted for LUS instead of going for additional GUP as I am assuming that I will be having more than 10,000 clients on each remote site.

If you have better option with respect to GUP for more than 10,000 clients other than additional GUP then please share your thoughts.

 

Thanks and Regards

 

Muhammad Majid

GUP is just an option to place whereever you have low connectivity areas.. since you have huge environment you need to explore all the options available. for example. You can desin liveupdate for roaming clients from internet when they are disconnected from LAN.

Thank you Torb for your honest response. I appreciate and would like to know, how should i proceed with this process of consulting Symantec Consultant.

 

 

Thanks

 

Any idea, how should i proceed with the remote location either with GUPs or LUS ???

GUP 's is the best way in case multiple remote sites.

 

Thanks - I have few queries regarding fail-over and load balancing.

 

Q1. I have researched on GUPs and I came to know that these are best for the sites with low bandwidth. Actually, I am now working on fail-over and load balancing,  assuming the worst case what if all the GUPs goes down from the remote site then should I direct all the nodes from the clients to the main SEPM server or should I deploy SEPM server on each remote site along with GUPs to avoid any failure or chaos?

Q2. What is the maximum number of nodes that a SEPM can handle at once also with what hardware and software specs?

Q1. I have researched on GUPs and I came to know that these are best for the sites with low bandwidth. Actually, I am now working on fail-over and load balancing,  assuming the worst case what if all the GUPs goes down from the remote site then should I direct all the nodes from the clients to the main SEPM server or should I deploy SEPM server on each remote site along with GUPs to avoid any failure or chaos?

Depending on the size of your remote sites and the bandwidth available between these and your primary locations you might be better of with a couple of HA/Load Balanced SEPM servers at each site. If GUP's are unavailable, or have reached their maximum number of simultaneos downloads the clients will always download their content from their relative SEPM server/s.
Heartbeat interval will be important for you as well with this many clients. If clients are getting updates from a SEPM server or GUP client then this occurs during heartbeat (it can't be scheduled).

Q2. What is the maximum number of nodes that a SEPM can handle at once also with what hardware and software specs?

SEPM servers are meant to be able to manage >50000 clients, but that doesn't necessarily mean they should.

Thank you for your response - Do you have any idea what hardware/software would be cost effective and effecient in deploying Symantec Endpoint Security for such a huge environment??

 

check this

http://www.symantec.com/connect/forums/sepm-and-sql-server-hardware-requirements-large-deployment-sep

Hi Mohammed. Go to http://partnerlocator.symantec.com Select country and region and Check specialization"Enterprise Security" in the drop down menu. This should list all specialized partners. Your license department that bought SEP can also put you in contact with their Symantec contacts that might have a prefered partner you should use. Torb

Do you have any idea what hardware/software would be cost effective and effecient in deploying Symantec Endpoint Server and GUP servers for such a huge environment??

I have designed a draft diagram for the SEPM deployment for 80,000 clients. Can you people please go through it and help me refine it in terms of effeciency and cost effectiveness. The file is attached as a pdf.

You dont have any SEPM in remote site?  If No then,

GUP is not a server, its just any other client which takes updates from SEPM and clients will take from GUP.

GUP can only distributes updates .No policies 

 

If Yes then,

You dont need to replicate defs across SEPMs , remote site can update from internet ,all you need is policy  and groups.

 

 

Actually I do not have SEPM on my remote site and I have used multi GUP as stand alone machines or servers because of the huge environment I am dealing with i.e 15,000 clients. That is why to handle all of them across different subnets I have used stand alone machines as GUP. The specs might be too high for GUP but since its draft therefore I am open to suggestions.

 

Thanks for your comments

Anybody here to assist me with my design document that I have shared earlier in my post.?????

Hey Brent,

I can you please help me out with the concept of "randomization interval" and the "heartbeat interval" in SEPM ?

HI Majid,

Pls go through following links, what other expert says. For 80000 clients only one SEPM 12.0 Version with failover is enough to upate your all remote sites having approx 15000  systems using multiple GUP is good idea even low bandwidth , If have DR site, another SEPM at that site you can have. Single GUP can support upto 10000 clients   As other experts also says and suggest same you can go for sizing and scalabilty guide for Symantec 12.1 for details.

http://www.symantec.com/connect/forums/sepm-desing-large-environment

For Best Practice on SEP

http://service1.symantec.com/support/ent-security.nsf/docid/2009012721190648

Regards,

Ajay Kr. Singh

9818410147