Brayza-

For advice on migrating  your SAV10 Site to SEP, consult the Installation Guide for SEP 11 located here: ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/mr2/installation_guide.pdf

Starting at page 150 is information relevant to the SAV10-SEP migration path and tasks to undertake.

Depending on the size of your second site, if you don't need a SEPM server there, you can designate one client there as a Global Update Provider to provide Virus Def updates to your clients there.  You would define a policy to have that site pull from the GUP, which pulls the updates from your Central SEPM server.

-Aaron

The best way depends on how many endpoints are located at the remote site, and also what type of bandwidth you have between your corporate site and the remote site. Also, can you place a server at the remote site or would you prefer to keep the servers at the datacenter?

The advantage of using a LiveUpdate server, whether at the remote site, or at the datacenter, is that you can schedule updates and definitions to your clients very precisely; policy updates always come from the SEP Manager but are very small.

These are the options:

1) Setup a SEP Server at the remote site (or at the datacenter if updating the remote site is possible due to bandwidth availability) in a replicated mode to your primary site. This will give you full failover, DR and load balancing as each server can be set to manage specific clients. Scheduling of when updates occur is limited

2) Setup a LiveUpdate Server at the remote site (or at the datacenter) to provide definitions and SEP Software updates to all the clients at the site (or both sites if you like, as this can be scheduled to occur overnight) Again, policy updates come from the SEPM

3) For a small number of clients in a remote site you can designate one of the clients as a GUP (Group Update Provider). Just bear in mind that if the communication is not optimal or the GUP client is slow or inaccesible, the clients will default to getting their updates from the SEPM and will come over the WAN to get their definitions from the SEPM at the datacenter. Couple this with the fact that you cannot schedule when the definitions are dowloaded and pushed to clients, and you can have lots of traffic at the wrong time of the day

Thanks for the replies and info people.

"3) For a small number of clients in a remote site you can designate one of the clients as a GUP (Group Update Provider). Just bear in mind that if the communication is not optimal or the GUP client is slow or inaccesible, the clients will default to getting their updates from the SEPM and will come over the WAN to get their definitions from the SEPM at the datacenter. Couple this with the fact that you cannot schedule when the definitions are dowloaded and pushed to clients, and you can have lots of traffic at the wrong time of the day"

Define "small number of clients".

I would say that theres 20-25 endpoints at the remote site.  As well as 6-8 mobile workers that would need SEP rolled out to their notebook/portable devices.

This GUP client idea might be the go, as theres talk that our whole datacenter (therefore also current SEPM Server) will be moved to the "remote site" in the near future.  So I don't see the point of setting up a seperate SEPM server up there if we will just be moving the existing one up there in the future.

regards,

Brayza

GUP's are recommended by Symantec for up to 100 computers.