Endpoint Protection


Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

  • 1.  Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

    Posted Oct 01, 2009 01:45 AM
    All,

    Perhaps we can share or suggest in this forum which is the best hardware and OS to run the SEP family (SEPM, Live Update, Quarantine) according to your experience, so it can also be guidance for others developing their systems.

    Myself, for SEPM I am using a specification like this:
    • IBM 8123MAH ThinkCentre A51
    • RAM 3GHz
    • Intel Pentium 4 HT (3GHz)
    • OS Windows Server 2003 Enterprise Edition SP2
    • SQL Server 2000 Developer Edition
    • Handling 1200 users
    The problem:
    When accessing SEPM, progress seems slow, for example when creating reports, logs, etc.

    Well, according to the Symantec Knowledge Base there should be no problem, since my specification is above the minimum requirements :)
    But I still face the problem, so I am planning to upgrade my SEPM, LU and Quarantine.

    I hope the shared information can be guidance for others to develop a better system.


  • 2.  RE: Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

    Posted Oct 01, 2009 03:49 AM
    These are the minimum requirements suggested by Symantec:

    System requirements for Symantec Endpoint Protection 11.0.5 and Symantec Network Access Control 11.0.5
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009072315265848?Open&docid=2009072315130848&nsf=ent-security.nsf&view=docid

    But it is always recommended to have more than suggested, as there are different other ROLES the server has to play, and those too require resources.


  • 3.  RE: Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

    Posted Oct 01, 2009 05:32 AM
    Hi Prachand,

    I already read your link before. That's what makes me wonder, because every server is dedicated.
    I set ONE ROLE for each server, so I have 3 servers for these: 1 SEPM, 1 Live Update, 1 Central Quarantine Server. The link you gave doesn't state what kind of processor is recommended.
    Is Itanium already supported in 11.05?
    The knowledge base for 11.0.4 is better because it mentions what kind of minimum processor.

    Like I said before, my specification is above the minimum :)

    Actually it is better if I ask: what kind of requirements or recommendations are there for handling 1200 to 5000 users? :)

    Because I'm planning to upgrade my server.
    I'm hoping to get suggestions or recommendations from Symantec Technical Support and also from Symantec members who have already implemented for 1200 to 5000 users, so this information can be guidance.





  • 4.  RE: Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

    Posted Oct 01, 2009 02:55 PM
    Itanium is still not supported yet.

    For SEPM

    RAM 3-4 GHz
    HDD 10-15 GB of Free Space
    Processor 3GHz

    The SEPM server can also work as the LiveUpdate server, so if it's not so important there is no need for a different LU server.

    SEPM also has the feature to submit the quarantine; it serves that objective too, so if it's not so important there is no need for a Quarantine server.

    It is not recommended that Quarantine Server be used in smaller SEP environments of less than 10,000 clients.


    Title: 'Top 10 Symantec Best Practices - Deploying Symantec Endpoint Protection Architecture'
    Document ID: 2009012721190648
    Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009012721190648?Open&seg=ent


  • 5.  RE: Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

    Posted Oct 01, 2009 03:55 PM
    Using SQL 2005 might help. Every bit of information about the SEP system is stored in SQL.


  • 6.  RE: Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

    Posted Oct 01, 2009 09:59 PM
    Hi Bekir,

    I was thinking about changing the SQL server also .. :)
    But now it looks like everything is moving to Windows Server 2008 and SQL 2008.
    Does the edition of the OS and SQL have a great influence on SEPM performance?
    I think with a new version of the OS and SQL, I must reconsider the hardware performance again.
    In my case 1200 to 5000.


  • 7.  RE: Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

    Posted Oct 01, 2009 11:14 PM
    Hi Prachand,

    My reason for dividing it into 3 servers is that our clients are dispersed across 5 regions (islands), where the total of our branches is almost 70. The network bandwidth varies from 128 kbps to 1 Mbps (most of it is 128 kbps), so I'm concerned about the bandwidth too. Besides that, when we implemented Quarantine we took 5000 samples of viruses every 2 days; this is also my concern in using a quarantine server.

    If I made it one server, I can imagine our network will go down because all clients will go to 1 IP address (we already faced it, and when tracking it from our routers, that broadcast goes to the SEPM server).

    We are planning to implement SNAC too, so this also becomes our consideration in finding a better configuration.

    By the way thanks for the link ...


  • 8.  RE: Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

    Posted Oct 02, 2009 02:02 AM
    My suggestion !!!

    Kindly find the below URL for the sizing:

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008063014073748


    For clients I would like to suggest you go only with Antivirus & AntiSpyware & Network Threat Protection.

    Do not go with PTP as the definition files are large.

    Restrict the client logs sent to SEPM.

    There is no need for a quarantine server on low bandwidth.

    Create a GUP in each and every branch office.

    Increase the heartbeat to 3 hrs.

    Release only one revision per day.

    If you are going with SNAC, do not quarantine the PCs; it will be a pain to remediate the PCs.




  • 10.  RE: Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

    Posted Oct 02, 2009 03:48 AM
    Hi

    We have three Dell servers to manage 1200-2500 clients. All clients who are not at head office are linked via ADSL up to 8mb on a managed WAN or VPNs (not on a domain).
    All servers are the same spec:
    PE R200 Quad Core Xeon X3320, 2.5GHz, 2x3MB, 1333FSB 1,500.00 4,500.00 S
    PCI-E Riser Card (1xPCI-E x8 slot, 1x PCI-E x4 slot) 1 S
    8GB (4x2GB Dual Rank DIMMs) 800MHz 1 S
    450GB SAS 15k 3.5" HD Non Hot Plug 2 S
    1 SAS 6i/R Internal Controller RAID PCIe 1 S
    CD-RW/DVD-ROM Drive SATA 1 S
    Windows Server 2008, Standard Edition English, Includes 5 CALs
    Server 1, classed as Console, runs the SEPM console, migration deployment packages and SQL Server 2005 (SQL is very memory and disk consuming!!!)
    Server 2, classed as Primary, acts as fallback for the main console and is load balanced for client reporting, updates, etc.
    Server 3, classed as Secondary, acts as database backup for SEPM, LiveUpdate server, Quarantine server, and is load balanced for client reporting, etc.
    We set all clients to pull from the servers as this reduces bandwidth; we have a 5 min heartbeat.
    We have found Endpoint somewhat flaky, especially in deployment (when it works first time it is excellent; when it does not... I do not want to go there!!! Many sleepless nights).
    The console on the whole runs fine, although sometimes sluggish (I think SQL has a lot to do with this). I am pleased I did not go for a low-spec server.
    Deployment files are large (AV and spy only is about 84mb) and take a long time to either push out or download to clients. Frequently the remote installation fails for one reason or another (sometimes you have to remote desktop to the client and run the file locally, assuming it got there in the first place). Once installed, we have the client run LiveUpdate locally once a day in case client-to-server communication is lost.
    I won't bore you with other experiences, but if passing on my problems/fixes helps, it may be of use to someone else.


  • 11.  RE: Recommendation for SEPM, Live Update, Quarantine with 1200 to 5000 users

    Posted Oct 02, 2009 04:31 AM
    In this scenario there is no need to install a separate LU server; rather, install a GUP at each site so the load and bandwidth are distributed. If you have a GUP configured at each site, the clients will not come to the main SEPM for updates but will take updates locally from the machine that is configured as a GUP, thus saving WAN traffic.

    Symantec Endpoint Protection 11.0 Group Update Provider (GUP)

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092720522748

    Best practices for Group Update Provider (GUP)

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008081810593048


    GUPs can be used to supplement or replace a SEPM for distributing content updates to SEP clients, but cannot be used to update policies or manage clients. This means that clients will still need network connectivity to a SEPM in order to perform the heartbeat process, which updates their policies, and informs them when new content is available to download from the GUP.
     
     
    Since the GUP is essentially a SEP client with the additional GUP role, it must also be able to access the SEPM via the client management port. 
     
    The GUP will download definitions on-demand for itself and any clients configured to update through it. The GUP will cache all downloaded content according to the settings in its LiveUpdate policy. Clients that have been configured to use a GUP will download definitions directly from the GUP instead of SEPM. By this method, bandwidth is conserved. There must be sufficient bandwidth between the GUP and the SEPM to allow the GUP to download the full and delta definition packages being requested by SEP clients. The larger the spread of definition revisions used by the clients, the larger the bandwidth utilization between the SEPM and the GUP.