Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Network Shared Insight Cache

Created: 08 May 2013 | 4 comments

Hi,

I am planning SEPM for 5000 Clients environment.

Out of 5K clients, I have about 1500 clients in VMWARE including 750 VDIs.

I have designed to install 'network based shared insight cache.

How many nSIC Servers I need to manage 60 ESX hosts with about 1000 VMs (including VDIs).

Kindly suggest..

Operating Systems:

Comments 4 CommentsJump to latest comment

pete_4u2002's picture

The SIC server works with Symantec Endpoint Protection (SEP) 12.1 clients, especially in virtualized environments, to improve on-demand scan performance. SEP clients can be configured to request information on unknown files and submit information on known files to/from the SIC. The SEP client performs these lookups during all scheduled and on-demand scans. This allows the the client to substitute a small amount of network traffic for a larger amount of disk I/O by not scanning files another SEP client has already scanned and determiend to be safe.

check this link

http://www.symantec.com/business/support/index?page=content&id=TECH174123

SMLatCST's picture

IIRC, a single network-based SIC with about 8GB RAM and can handle about 1500 endpoints.

That said, it's normally recommended to ensure the VM Guests/Hosts are as close as possible to the SIC,  as the sharing the scan results happens over tcp/ip.  Therefore, you may wish to consider multiple SICs if your VM Hosts are distributed over different geographic locations.

Finally, I'd also recommend you look into the Virtual Image Exception option.  In general, this can produce a larger performance improvement than the SIC, and is what I'd normally recommend for VDI.  This is because the VIE changes can apply to auto-protect as well.  More info on VIE can be found below:

http://www.symantec.com/docs/HOWTO81034
http://www.symantec.com/docs/DOC4335

ANTONYMA's picture

Thanks for the reply

I would like to ask specifically about the following:

Along with my SEPM, how many nSIC Servers  I would need to manage 750 VDIs and 750 VMs.

Is there a restriction like one nSIC each per ESX host of VM Cluster?

SMLatCST's picture

As I mentioned, a single (one) SIC server would, in theory, be enough for 1500 endpoints.  But you must adjust this according to how your VM Hosts are distributed, as you probably don't want SEP clients crossing the WAN to contact a SIC.

You can have as many nSICs as you want, although I'd recommend reading up further on the consequences (i.e. more resources used, more scanning performed in general as there's less ofr each SIC to share, etc).  I'd normally recommend one per VM Cluster (based on geographic location).