Endpoint Protection

Greetings,

I need to build a case for running three SEPMs connected to each other, or for running them independently. We have three locations, approximately 250 clients, all on one Svr2003 domain.

I know the major reasons in favor of connecting SEPMs, are redundancy and load balancing. However, I cannot locate any recommendations (or caveats) for running independent SEPMs.

The second and third (yet to be installed) SEPMs will be running on Hyper-V VMs. If we keep these SEPMs independent, and if there is a problem with the server, can't we just restore the server from a Hyper-V backup? Or will the restored SEPM need to be reconfigured to manage it's respective clients?

This all came about while setting up the second SEPM as a replication partner. I realized that all three SEPMs and their associated client installers could point to the same Client Group. I decided to rename that existing Client Group (which contained no clients) to a more generic name, rather than reflecting one physical location or another. All clients became orphaned after I replicated and I had to scramble to run the Sylink Replacer utility.

I appreciate any comments, advice and/or links offered.

Hello,

In your case, I would suggest you to check this Thread, which would assist you deciding on the Architecture -

http://www.symantec.com/connect/forums/symantec-endpoint-protection-management-multi-site-setup

Again, Symantec does support and recommend protecting individual Virtual Machine endpoints running on Hyper-V Server with an appropriate Symantec protection product. For more information on SEP in virtualized environments, see Symantec Endpoint Protection 12.1 - Virtualization Best Practices.

For technical information on Microsoft's Hyper-V server, see Microsoft Hyper-V Server.

Check this Thread:

https://www-secure.symantec.com/connect/forums/sepm-vm

Hope that helps!!

The following DR might help you.

http://www.symantec.com/business/support/index?page=content&id=TECH102333

You can configure all the 3 SEPMs with the same priority in a single site.

Based on your number of clients, I would suggest you to set up only one SEPM, and use GUP on remote locations to save bandwidth.

A SEPM can manager few thousands clients and replication is not required in your case. Please have a look there:

http://www.symantec.com/docs/TECH92051
http://www.symantec.com/docs/DOC4448

Thank you for the quick responses and recommendations!  I have some more reading to do!  :)

I am now thinking of:

- One SEPM in our office (150 clients)
- GUP in 2nd location (40 clients)
- GUP in 3rd location (30 clients)

Regarding using GUPs instead of SEPMs in remote offices:
I presume installation packages are only created from the SEPM.  I will create and update installation packages from here and place copies of them in the remote office servers.  For local non-IT staff to install managed SEP clients.

I may add a second SEPM in our office for failover purposes.

Thank you and have a great weekend!

yes, thats look good plan.

Hi,

yes, this is a good plan, rather than having too many SEPM's that would not bring you great advantage, but just more unpleasent maintenance.

In regards of the fail over, note that the SEP Manager is not so critical application as you believe, i.e. if it fails, none of your users will notice it (no real impact on business activities) and the SEP clients will still protect your systems. This is to say that if you have a good backup and restore plan, if the SEPM fails and you are able to restore it in few hours (that's to avoid the clients will be out-of-date with AV definitions), you don't really need another SEPM for fail over.

Thanks again for all the quick responses!  I have not abandoned this thread.  Just been extremely busy with other projects, i.e.; setting new servers with Hyper-V clients, struggling with Acronis ABR image restores, etc.

At this point, I have SEPM 12.1.1101.401 (RU1 MP1) installed on a fresh VM, and I am just about finished with all the policy and group customization.  Next step will be to setup the GUPs and create installation packages.  Then comes the fun of migrating all our 12.1.1000.157 RU1 and 11.0.5002.333 clients.  25% of those clients do not have File & Printer Sharing enabled.  Final step (I hope!) will be to convert all our SAV 10.1 stragglers.

Our management has no idea what kind of monster the SEPM can be.  Even with so few clients, we still have quite a lot of custom settings.  Mostly due to our hesitation to utilize all the SEP features.  "We don't want to introduce anything new that SAV did not have." (!!)

HI,

ya, vote up for all suggestions to you. you should have only single SEPM for your sites. If you have thousands of clients then you shuld go for failover server. As far as SEPM 11.0 it can support upto 50000 clietns for your sites and with SEPM 12.1 you can manage upto 70000 clients with SQL database. No need to deploy seperate SEPM for your remote sites, Just configue GUP in your SEPM for your remote site any one Systems , better if  it may be be an application server or any Server which will act as GUP to distribute content to local clients.

Hi,

unfortunately malware introduced a lot of new features... this is why SEP has more features than SAV and a simple AV is not enough any more to have a safe network.