Endpoint Protection

 View Only

  • 1.  SEP Domains: Single Domain vs Mult-Domain

    Posted Jul 03, 2013 05:38 PM

    I am trying to find a good list of the benefits and downfalls of creating a single SEP domain vs multiple SEP domains.  Anyone have a good reference document for helping to make this kind of decision?  We are trying to determine how best to setup an environment and are considering the following options:

    Option 1

    • 1 SEP Domain (Entire Company)
    • 4 SEP Sites (3 Geographical, and 1 Logical/Administrative)
    • 6 Active Directory Domains (3 Geographical and 3 Logical/Administrative)
    • 6+ SEPM's (1 or 2 per SEP Site, depending on needs)
    • 20,000+ Clients

    Option 2

    • 4 SEP Domains (3 Geographical, and 1 Logical/Administrative)
    • 4 SEP Sites (3 Geographical, and 1 Logical/Administrative)
    • 6 Active Directory Domains (3 Geographical and 3 Logical/Administrative)
    • 6+ SEPM's (1 or 2 per SEP Site, depending on needs)
    • 20,000+ Clients

    Option 3

    • 6 SEP Domains (3 Geographical, and 3 Logical/Administrative)
    • 6 SEP Sites (3 Geographical, and 3 Logical/Administrative)
    • 6 Active Directory Domains (3 Geographical and 3 Logical/Administrative)
    • 6+ SEPM's (1 or 2 per SEP Site, depending on needs)
    • 20,000+ Clients

    I'm fighting political battles with regional and AD domain admins in an organization while trying to implement a global delivery model.  I need some good solid advice on the advantages and disadvantages of creating separate SEP domains.  I'd like to be able to compare what the real benefits are of choosing any of the three configuration over another.



  • 2.  RE: SEP Domains: Single Domain vs Mult-Domain

    Posted Jul 03, 2013 05:53 PM

    This is about the best KBA I could find on domains in 12.1:

    http://www.symantec.com/docs/HOWTO80764

    Basically, you get tighter, more granular control over data, users, computers, and policies and the ability to keep them all separate from one another.



  • 3.  RE: SEP Domains: Single Domain vs Mult-Domain

    Posted Jul 04, 2013 06:49 AM

    One of the biggest effects of implementing SEP Domains is that of Administrative rights management for your various admins.  The below article provides information on the SEP Admin account options:

    http://www.symantec.com/docs/HOWTO81226
    http://www.symantec.com/docs/HOWTO80813

    Essentially, implementing SEP Domains allows easier management of accounts that are locked down to a specific subset of clients.



  • 4.  RE: SEP Domains: Single Domain vs Mult-Domain

    Broadcom Employee
    Posted Jul 04, 2013 11:54 AM

    Hi,

    Thank you for posting in Symantec community.

    Each domain that you add shares the same management server and database, and it provides an additional instance of the console. All data in each domain is completely separate. This separation prevents administrators in one domain from viewing data in other domains. You can add an administrator account so that each domain has its own administrator. These administrators can view and manage only the contents of their own domain.

    Here are few helpful articles:

    About domains

    http://www.symantec.com/docs/HOWTO55042

    Adding a domain

    http://www.symantec.com/docs/HOWTO55444

    Managing domains and administrator accounts

    http://www.symantec.com/docs/HOWTO55094

    If using Symantec Protectin Centre then need to check this article:

    About setting up multiple Symantec Endpoint Protection domains in Protection Center

    http://www.symantec.com/docs/HOWTO55364