Endpoint Protection

 View Only
  • 1.  Network/SEP expansion planning

    Posted Jan 25, 2011 01:03 PM

    Hi Everyone,

    I have to explore options on how to implement SEP for planned network expansion, keeping current SEP setup as reliable as it is now.

    Currently we have about 3500 workstations on our network, and they are managed by one SEP site. This site has one SQL server running on a separate server (16GB RAM + PentiumDual processor) and two SEPMs (4GB RAM and single processors). For the back up purpose there is one replication SEP site with its own SQL and one SEPM.

    There going to be a new branch with about 2500 workstations and that branch will be connected to our network with T3 line (45 Mbps). This new branch is about 10 miles away and will mostly be managed by staff at main location. Following options are being considered...

    1. Add more servers for redundancy and new branch computers get their content and policy from main site over T3 line

    2. Keep site structure as it is now, but add two servers and keep them at new branch, so that branch computers get content/policy update locally.

    3. Install replication site at new branch, and branch computers get content updates locally without going through T3 line. Replicate once or twice a day with main site for policy updates.

    4. Create a new site at branch and manage independent of main site.

    Please guide me in implementing it in a way that it is reliable and easy to maintain.

    Sincerely thanks!



  • 2.  RE: Network/SEP expansion planning

    Posted Jan 25, 2011 01:26 PM

    What I would suggest is..may be its there in your points above still

    Add a Replication partner to on the New Site and this should replicate with the SEPM that are on SQL server.

    All make sure on the new site SEPM is also on SQL server.

    Then add one more Server to this new site.

    Hence you will have 2 SEPM Consoles on the New site on SQL database that will be replicating with SQL database on your main site.

    and the clients on the new site will report to new SEPM servers and get updates from GUPs in the new Site.

    Hope I make sense 



  • 3.  RE: Network/SEP expansion planning

    Posted Jan 25, 2011 01:54 PM

    Hello Vikram,

    If I understand correctly, you are suggestiong to have another replicating site at new branch with sql server also running sepm and one additional sepm.

    Actually I was wondering to keep it simple and not adding more sql servers. Your point is well taken and I will keep in mind before making final decision.

    Sincerely,

     



  • 4.  RE: Network/SEP expansion planning

    Posted Jan 25, 2011 02:04 PM

    Yeah..Thats exactly what I meant.

    Technically speaking you can do one more thing.

    Install only one Replication partner on the new site using Embedded database.

    and have around 15-20 GUP servers in the new site. So the new server will not have much impact as it will distribute the defs only to the 15-20 machines and the clients will only connect to the SEPM for policy updates that is minimal.



  • 5.  RE: Network/SEP expansion planning

    Posted Jan 25, 2011 03:22 PM

    Is it possible to setup a replication partner with Embedded database, to the main site which has sql database?

    I have heard issues with setting up GUPs, particularly when SEPMs are upgraded to new build, so i don't feel comfortable using them.

    Sincerely,



  • 6.  RE: Network/SEP expansion planning

    Posted Jan 25, 2011 03:40 PM

    Yes it is possible to use Embedded database as replication partner to SQL database.

    Setting Up GUP is easy and its easy to manage. There's no issues during upgrade there issue once during upgrading older version GUP to RU5 however none after that.

    You can test its functionality on 1 group of clients.



  • 7.  RE: Network/SEP expansion planning

    Posted Mar 01, 2011 10:06 AM

    Hi Vikram, m new in SEP, i have the same problem but little bit less complex.i will explore my setup a bit

    We have SEP 11.0.5002 installed on main branch, we have a site location content almost 70 clients right now we manage all client with local SAV server.

    what we want is to setup another SEP server thier on site location,becaue we dont want to use bandwidth for virusdef. i want to have a local server their which will take update from internet or from main SEP server and all client will take updates from that server locally.and we can setup the same policy their either locally or policy can be copied from main server m not sure.

    what you will suggest for this kinda scenario?

    Thanks in advance for your assitance.