Endpoint Protection

We have implemented SEPM12 in our organizaton Size 7k, Now we want to re-structure of our SEPM as current one sucks(not designed properly) so how can it impact on our work load and wht are the other things need to keep in mind. 

Hello,

Since you are planning stage again, check these articles below which may assist you - 

Planning the installation http://www.symantec.com/docs/HOWTO55061

Network architecture considerations http://www.symantec.com/docs/HOWTO55114

Getting up and running on Symantec Endpoint Protection for the first time

http://www.symantec.com/docs/HOWTO55274

Quick Access to Symantec Knowledgebase Articles of Symantec Endpoint Protection 12.1

https://www-secure.symantec.com/connect/articles/quick-access-symantec-knowledgebase-articles-symantec-endpoint-protection-121

Downloadable Guides in reference to the Symantec Endpoint Protection 12.1 RU2

https://www-secure.symantec.com/connect/downloads/downloadable-guides-reference-symantec-endpoint-protection-121-ru2

Also, check this Thread with Similar Issue - 

https://www-secure.symantec.com/connect/forums/sepm-infrastructure-planing-and-designing

Hope that helps!!

hi,

Check this

Network architecture considerations

Check this thread

https://www-secure.symantec.com/connect/forums/network-security-architecture-design

Do you mean re-structuring of groups? Are you using AD sync or not? How many locations do you have? Are you using GUPs to distribute content?

What is wrong with your current setup?

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your query.

To give proper solution we need more info from your side.

1) Total number of SEPM's & version details

2) Total number of remote sites if any, clients per site.

3) Bandwidth available between central server and remote sites.

4) Is there any GUP configured?.

5) Will be there any future expansion?

6) What's the existing network design issue?

Till the time refer this article:

Top 10 Symantec Best Practices - Deploying Symantec Endpoint Protection Architecture

http://www.symantec.com/business/support/index?page=content&id=TECH92051&locale=en_US

nopes, no AD sync, no location awareness, no network trafiic control, and many more reasons so  we want to restructure of our SEPM. so for me it's imp to know, how can it bother me cause we will use new IDs new hardware, 

Hi

1) Total number of SEPM's & version details: more than 7k, SEPM 12.1 

2) Total number of remote sites if any, clients per site: we don't have remote site as of now but want to deploy in next phase..

3) Bandwidth available between central server and remote sites.

4) Is there any GUP configured?. Yes but not sync with AD

5) Will be there any future expansion?  will max 10K, 

6) What's the existing network design issue? bandwidth, whenever we want to apply new patch or upgrade it generate the trafffic and netwrok team block our ports, We have almost 27 office in different states\cities but there is only one SEPM servers installed in HQ, so hard to maintain the same. We also want to sync with AD so that whenever a new worksrations comes online after a perios, it(SEPM)  should check client is not corrupted and\on client version is upto date. 

Hi,

This is a very common issue.

Whenever there is a new patch or upgrade it would create 100MB+ packet to update 1 machine. You can imagine how much traffic it can create.

Till the time network is in LAN segment &  if you have configured to update clients during non production hours it should be ok.

However it's dangerous when it's on a WAN link if bandwidth is limited.

Is there any reason you have not configured Group Update Proivder's?

Why don't you deploy GUP's in existing network? GUP's can definitely help to save bandwidth.

Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH93813

If you have multiple locations, the first thing I would look at is configuring GUPs at the locations to update clients so your clients are not coming back across the WAN and causing bandwidth issues.

So you don't have a firewall or IPS policy applied either? Are you running only AV?

I believe based on articles pasted on comments . You should plan out SEPM design structure.

Than think of Subnet based GUP to reduce bandwidth for Live update.

For Upgrade it will be difficult if you push sep package from SEPM.

You should copy the package manually to remote location and use PushDeploymentWizard tool to push packages over the LAN.

Hello,

Before you install the product, perform the following tasks:

• Make sure the computer on which you install the management server has the minimum system requirements.

• If you install or upgrade to the Microsoft SQL Server database, make sure that you have the user name and password information.

  See About SQL Server configuration settings.

• For networks with more than 500 clients, determine the sizing requirements.

  You need to evaluate several factors to ensure good network and database performance. For example, you should identify how many computers need protection and how often to schedule content updates.

  For more information to help you plan medium to large-scale installations, see the Symantec white paper, Sizing and Scalability Recommendations for Symantec Endpoint Protection.

I agree with the idea considering GUP as an important element after install SEP in the network - 

Check these Whitepapers (as attached), which may assist you.

Secondly, check these Articles:

How To Optimize Endpoint Protection for Branch Offices using GUPs, Load Balancing, and Location Awareness

http://www.symantec.com/docs/TECH94122

Symantec Endpoint Protection Sizing and Scalability Best Practices White Paper

http://www.symantec.com/docs/DOC4448

Hope that helps!!

Attachment(s)

GUP__Sizing_and_Scaling_Guidelines__v2.2_1.pdf   58 KB 1 version

GUP_Whitepaper_1.1_4.pdf   1.41 MB 1 version

Hi, 

You can have GUP server to avoid network bandwidth utilization.

Regards

Ajin