Endpoint Protection

Hi All,

          I think this is an easy question for you and I hope you can give me an idea of which way to go. The company I work for has been aquired by a larger concern and there is a big possibility that it would also like to use SEP as its desktop AV. I currently have 2 SEPM's located in a datacenter and they service 13,500 endpoints worldwide. I have a good GUP structure setup as well. The number of Endpoints will increase to 35,000 - possibly. I want to keep my structure at the simplist level. Will the 2 SEPM's I have be able to manage the extra Endpoints together with an increased GUP structure? It will the latest 12.1.6 MP1a software. As usual any advice help will be geatly appreciated.

Cheers

PaulC

surely you can manage 35,000 endpoint with two SEPM provided they they have enough juice to its hardware and the network bandwidth. by default SEPM 12.1 installed with SQL can easily mange upto 50,000 endpoints. so you should not face any problem. please be sure to user the MSL wisely and split the endpoints between these two SEPM and also do not set the heartbeat interval any less than 2 hours as I may create some problem for the SEPM in processing the logs uploaded to the SEPM

I assume you're using a SQL backend, correct? If so, it shouldn't be a problem.

You may need to adjust the amount of logging you're doing as well as adjust the heartbeat communication but overall SEPMs should be able to handle this extra load without much issue.

Attached is a solid guide to review.

Attachment(s)

SEP - SizingSizabilityBestPractices_SEP12.1_0.pdf   910 KB 1 version

Yes, It is a SQL backend.

My other question then, is that these SEPM's are currently Server2008 R2 and I would like to move to Server 2012 R2. My thought was to stand up two more SEPM's, make sure that I had updated the sylink on all endpoints. Then decomm the older 2008  servers to leave the 2012's in place. Does this sound ok as well?

Thanks

PaulC

sounds like a working plan. just one question though how many DB do you have and if the answer is two are you replicating the two 2008 R2 servers ?

Are you going to follow DR or replicate with the current SEPMs to get everything moved over?

My plan was to replicate.

Just make sure all SEPMs are on the same version. They need to be in order to replicate. Otherwise, you should be fine.

Yes I will. Do I need to the same SQL version installation as well to set the connection to our SQL cluster?

Are you staying on the SQL db or moving to another one?

I wouldn't suggest replication becasue there is a know issue where is, when you remove the primary SEPM, in your case it will be 2008 R2. the SEPM on 2012 R2 can never act as a primary SEPM. so I would suggest you to install all the SEPM connecting to single SQL DB . once your new SEPM is up point all the clients to those 2 2012 R2 SEPM and then decommision the old SEPM.

Staying on the same SQL database.

The point of picking the replication method is keep all the groups and everything else there. Can you not promote another SEPM to be the primary? then decomm the old one?

If your are using only one SQL DB then there is no need to replicate as all thhe SEPM will have the same info, group structure and policies, in this method you can easily remove the 2008 servers once the 2012 server is functional.

answer to your second question : that would erase the data on the SEPM that you will be making as secondary (in your case 2008R2).