Proper setup for multiple management servers, logs?
First let me explain the situation.
We have six management servers, each at a different building. We would like each management server to control its own building's clients, but retain the ability to centralize the logs so that when we look at our main management server, we can tell the outbreak statistics and current risks without having to individually look at each server at each building. In addition, it would be nice to make it so that when we create a group or policy on the main server, it propagates to the rest, so that when we look at the management server at one of our buildings it mirrors the layout of our main management server.
At the moment we have each management server set to replicate JUST logs from the local site to the remote site.
Is this the correct way of setting this up?
Comments
I should note we do it this
I should note we do it this way because of bandwidth limitations coming into our main building. We do NOT want full replication, as that would cripple our network.
Logs will be replicated
Logs will be replicated between Replication partners.
Use management server list to point your Clients to the SEPM in that building
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007123110045548.
Make sure you have clients from different buildings in different groups.
Create and assign a management server list to the SEPM of each building.
So that SEPM A will handle updates/policies from only building A.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Ok, all management servers
Ok, all management servers are already up and running and appear in the managed server list. All of the clients point to their respective management server.
For log replication, do I want to select "Replicate from local site to remote site" IN ADDITION to "Replicate from remote site to local site"?
Right now, each of our remote managed servers is "Replicating from local site to remote site" to our main managed server. None of them are replicating with each other, just our main managed server.
Is this the correct way to make sure the logs are replicated properly? Should I also choose to "Replicate from remote site to local site" on our remote managed servers?
Check the replication
Check the replication settings on all your replication partners. However, by default logs are replicated.
Perhaps I'm not being clear
Perhaps I'm not being clear enough, I apologize if that is the case.
We currently have (as you mention in #3) replication set to JUST replicate logs from the local site to the remote site (the remote site being our main management server).
If we turn on replication from the remote site to the local site in addition to from the local site to the remote site, what does that do differently?
Do you have both of these
Do you have both of these enabled in both SEPMs (Main and replication partner)?
Replicate logs from local site to this partner site or Replicate logs from this partner site to local site.
Replicate logs from the local site to this partner site
If this option is checked, it replicates logs from the local site to the designated replication partner.
Replicate logs from this partner site to the local site
If this option is checked, it replicates logs from the designated replication partner to the local site.
We have just one of those
We have just one of those enabled, which is "Replicate logs from the local site to this partner site".
Should we have both enabled?
The difference is:
If you check both of the boxes, it enables bidirectional replication. Given your bandwidth concerns, it sounds like you want a centralized monitoring setup and don't really want the logs to replicate from the central server back out to the remote locations. Assuming this is correct, then your configuration should be set to "Replicate logs from the local site to this partner site". This configuration should be on all of your remote systems and should point back to the central site. In other words, it sounds like you have it configured properly for the results you want.
As a side note, it is important to understand that replication will occur at a user-defined interval (typically every 12-24 hours) and will not provide real-time replication. What this means is that your central site will not be aware of any outbreaks until after the replication occurs.
Chris Tyrrell
This option will let you
This option will let you send the logs from the replication Partner to Main SEPM Server.
So you'll have to configure the same setting on all replication partners to replicate their logs with the Main SEPM server.
As Chris Tyrrell told if you
As Chris Tyrrell said, if you set up replication you will get the information in your main server only after a successful replication. If you are able to do an hourly replication you will get this information very fast, but you may not be able to because of bandwidth constraints...
I think setting notifications in all the servers will be ideal for you (if you still want centralized reports you can schedule the replications for non-business hours). For more information regarding this, refer to the docs below:
Creating notifications in the Symantec Endpoint Protection Manager
Creating administrator notifications
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind