Endpoint Protection

Guys, Is it possible to have a single primary sepm and multipple secondary sepm located at remote places without making them as replication partner of my primary sepm?.

the remote SEPM's cannot talk to primary SEPM, hence there will not be primary or secondary. THe remote SEPM's will be considered as primary SEPM as well.

What do you want to achieve?

You can think of SPC (protection centre) , which will manage all the SEPM's.

pete, I have more than 10 remote locations, each have a sepm. Is it possible to bring all the sepm under one management point from where i can distribute policy setting and take client side reports?.

for that you can ITA along with SPC for reporting. WIth SEPM I think it is not possible as these are not replicating.

The policy distribution has to be done manually i.e. export and import.

If you are not interested in going down the path of making them replication partners. I suggest deploying Group Update Providers(GUP) at each location, and publishing your 'centralised' SEPM through your firewall for these remote locations.

The last step is to get the clients to report to the new SEPM server.It is possible  to do this without re-deploying SEP, by either using the sylinkdrop tool in a start-up script or some policy editing using notepad.

In this deployment, all endpoint traffic (logs/policies) report directly to the SEPM server (small amount of traffic), updates are proxied through the GUP.

in that case, clients will be connecting through WAN to SEPM, and you should also look at the sizing document.

Guys, Am planning to configure all the remote sepm as replication partner to my primary (the one i manage) through WAN and assign management server list according to client's location by creating seperate group for each remote locations. Can that be  done?.

Can a GUP distribute policies as well?

no, it will distribute only content at this time.

once replication is set you can assign the MSL to the groups .

If i set replication intervel as one day and there is no major change in my sepm (Only replicate logs from remote server) , How much data (size) will be trasnfered between two sepm for a successful replication to happen.

Conditions for every environment are different which may effect the overall performance of replication. 

you may check this article

Best Practice for setting replication frequency

http://www.symantec.com/business/support/index?page=content&id=TECH91509

Hi,

Replication is a good option if you are following recommendations.

Symantec recommends to have 1 Primary & 4 secondary sites i.e 1:4

If you replicated 10 sites with Primary SEPM, your SEPM database size will increase depending upon number of clients across the sites.

Check following URL for more details.

https://www-secure.symantec.com/connect/articles/replication-and-considerations

I think GUP should be the first choice & if you wish to have redundancy, you can install an additional SEPM on the primary site itself and replicate with existing SEPM.

Group Update Provider: Sizing and Scaling Guidelines

http://www.symantec.com/business/support/index?page=content&id=TECH95353

Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH93813

New features and functionality in Symantec Endpoint Protection Release Update 5 (SEP RU 5) Group Update Provider (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH96417&locale=en_US

Video’s created on Group Update Provider on the Symantec Connect website.

https://www-secure.symantec.com/connect/videos/group-update-providers-part-1

https://www-secure.symantec.com/connect/videos/group-update-providers-part-2

I hope it will help you !!!

But in one of the symantec document i'ce read i can have maximum of 20 replication partners provided the replication time does not overlap with others. (Any way that's not possible in realtime)

And this is what i was looking for..

http://www.symantec.com/business/support/index?page=content&id=TECH94122

Delphin

20 is too much!

Hi sadelphin,

You are correct but Support strongly recommends that you do not exceed more than 10 replication partner.

Article shared by you is explaining multiple features under one roof.

Hey pete and chetan.. Thanks.. yup 20 is too much.. I wont go for that. Will go, and implement and let you ppl know what happened...