Endpoint Protection

  • 1.  Question for the experts: Topology setup

    Posted May 16, 2010 11:16 PM
    Hello Everyone,
    I am in the process of setting up a SEPM site and I am trying to figure out the best way to set everything up. I was hoping some of the experts had some ideas!! My network topology is listed below.
    I would like to keep most of the endpoint traffic local to each site.
    Thanks in advance for any help.
    6 remote sites all connected over 100 meg WAN
    Each site has 600 PCs
    All 6 sites connect into a central site for internet access.
    I will be deploying 11.0.6


  • 2.  RE: Question for the experts: Topology setup

    Broadcom Employee
    Posted May 17, 2010 01:32 AM
    Hi


    6 remote sites all connected over 100 meg WAN, Each site has 600 PCs

    SEPM at each location with embedded DB, with pull communication configured at, say, 2 hours.


    All 6 sites connect into a central site for internet access.
    All these 6 SEPMs configured to replicate with the centralized SEPM so that the logs and the policies are replicated. The best method is to have internet access on all SEPMs for definition download. Content and package replication is not recommended as it is on WAN traffic.

    Preferably SEPM on high end configuration machine.
    Best practice document for sizing:

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010021610324348






  • 3.  RE: Question for the experts: Topology setup

    Posted May 17, 2010 03:11 AM

    Hi
    I had such a problem. I installed SEPM on the central site with MSSQL Server support and then installed SEPM on all the sites as load balancing. Then I created groups for each site and a different management server list for each group. Then I asked the clients of each group to contact their own site SEPM first and then the central site SEPM. In this situation, first, you would be able to manage all the clients from the central SEPM, and then, if one of the site SEPMs fails, the clients will be updated from the central SEPM.


  • 4.  RE: Question for the experts: Topology setup

    Posted May 17, 2010 03:28 AM


  • 5.  RE: Question for the experts: Topology setup

    Posted May 18, 2010 12:03 AM

    The majority of traffic in SEP is related to content downloads each day for antivirus and IPS definitions etc.
    In your case you have a very fast WAN running at 100MB so I would just treat your sites like local subnets.

    1 x SQL server
    2 x SEPMs
    SEP Group Update Providers (GUP) at each site

    You need 1 or 2 GUPs present on each subnet.
    All of the SEP clients will communicate with the SEPMs for logs and policies but will get content from the GUPs.

    6 SEPMs with replication between all the sites is just asking for trouble in my opinion.
    If you are really worried about bandwidth during working hours you might consider it, but the sites still have to replicate at some point.


  • 6.  RE: Question for the experts: Topology setup

    Posted May 18, 2010 02:31 AM

    Recommended options:
    1. Symantec endpoint protection manager on central site with fail-over arrangement
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008111708084848

    2. Separate groups for each site (Deploy GUP for each group)
    http://service1.symantec.com/support/ent-security.nsf/docid/2009050510573148

    For more options, please follow the KB below for best practices: (Highly Recommended)
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008070715030248
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009012721190648
    This should give you a brief understanding of how you can deploy your infrastructure.
     


  • 7.  RE: Question for the experts: Topology setup

    Posted May 18, 2010 10:43 AM

    Well, well, well! Let's see what we have! An enterprise-level network distributed over 6 segments.
    For such a network I suggest the following, and suggest not using some:

    1. Install a SEPM server in the main segment and install additional SEPM servers in the other segments. Since there are 600 clients in your segments, having 2 SEPM servers in parallel in each segment will put you on the safe side.
    2. Although the embedded database can serve up to 5000 clients, I advise using SQL due to enhanced performance and especially better maintenance (I rarely use the embedded database for networks with more than 200 clients). In addition, if you want to have redundancy and 2 servers in each segment, you must have SQL Server for the database.
    3. Alternatively, you can use separate domains, which makes the solution more complicated, so I do not suggest this method.
    4. Install a LiveUpdate Server in the main segment, and set the servers to receive the updates from the LU Server. This solution will ease maintaining the updates. Don't worry about the bandwidth! There will be minor transactions on the WAN link since the update packages are rarely bigger than a couple of megabytes (except for new versions, which will happen very seldom).
    5. Instead of the LU Server, you can use the GUP solution. This solution is suitable for a small segment with almost 50 clients (or even fewer). Therefore the GUP solution will not suit your network as an enterprise-level network.
    6. Keep in mind to establish the plan very slowly and gradually. Never, ever install the packages all at once on the entire network, since unpredicted errors may arise and turn an ordinary error into an outbreak. Divide the network into 10, 50, and 100 segments and install on them group by group and test the behaviors.
    7. Backup and backup and backup! It is very important to back up the databases regularly. I know that what I am going to say raises a negative reaction, but believe me that the SEPM servers sometimes go down and you cannot recover them except with a re-installation. In such cases a perfect backup will definitely save your server settings. Be careful to have more than 1 month (say one and a half or even 2 months) of backup history, since a problem might stay hidden for a couple of weeks. Hence having a backup from more than a month ago will be really helpful.
    8. Dedicate the server to Symantec and do not run any service (such as an application server) on your Symantec servers. Especially do not run systems that rely on IIS. Symantec is very sensitive to changes that are made to IIS, and a simple mistake may bring down your Symantec server's connection with its clients. This is the same for PHP applications.
    9. Forget about any other antivirus systems! Believe it or not, at large scale the only trustworthy protection system is Symantec Endpoint Protection.


  • 8.  RE: Question for the experts: Topology setup

    Posted May 18, 2010 06:17 PM
    Currently GUP can support up to 1000 clients.