Video Screencast Help

SEP Domains: Single Domain vs Mult-Domain

Created: 03 Jul 2013 | 3 comments

I am trying to find a good list of the benefits and downfalls of creating a single SEP domain vs multiple SEP domains.  Anyone have a good reference document for helping to make this kind of decision?  We are trying to determine how best to setup an environment and are considering the following options:

Option 1

  • 1 SEP Domain (Entire Company)
  • 4 SEP Sites (3 Geographical, and 1 Logical/Administrative)
  • 6 Active Directory Domains (3 Geographical and 3 Logical/Administrative)
  • 6+ SEPM's (1 or 2 per SEP Site, depending on needs)
  • 20,000+ Clients

Option 2

  • 4 SEP Domains (3 Geographical, and 1 Logical/Administrative)
  • 4 SEP Sites (3 Geographical, and 1 Logical/Administrative)
  • 6 Active Directory Domains (3 Geographical and 3 Logical/Administrative)
  • 6+ SEPM's (1 or 2 per SEP Site, depending on needs)
  • 20,000+ Clients

Option 3

  • 6 SEP Domains (3 Geographical, and 3 Logical/Administrative)
  • 6 SEP Sites (3 Geographical, and 3 Logical/Administrative)
  • 6 Active Directory Domains (3 Geographical and 3 Logical/Administrative)
  • 6+ SEPM's (1 or 2 per SEP Site, depending on needs)
  • 20,000+ Clients

I'm fighting political battles with regional and AD domain admins in an organization while trying to implement a global delivery model.  I need some good solid advice on the advantages and disadvantages of creating separate SEP domains.  I'd like to be able to compare what the real benefits are of choosing any of the three configuration over another.

Operating Systems:

Comments 3 CommentsJump to latest comment

.Brian's picture

This is about the best KBA I could find on domains in 12.1:

http://www.symantec.com/docs/HOWTO80764

Basically, you get tighter, more granular control over data, users, computers, and policies and the ability to keep them all separate from one another.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SMLatCST's picture

One of the biggest effects of implementing SEP Domains is that of Administrative rights management for your various admins.  The below article provides information on the SEP Admin account options:

http://www.symantec.com/docs/HOWTO81226
http://www.symantec.com/docs/HOWTO80813

Essentially, implementing SEP Domains allows easier management of accounts that are locked down to a specific subset of clients.

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

Each domain that you add shares the same management server and database, and it provides an additional instance of the console. All data in each domain is completely separate. This separation prevents administrators in one domain from viewing data in other domains. You can add an administrator account so that each domain has its own administrator. These administrators can view and manage only the contents of their own domain.

Here are few helpful articles:

About domains

http://www.symantec.com/docs/HOWTO55042

Adding a domain

http://www.symantec.com/docs/HOWTO55444

Managing domains and administrator accounts

http://www.symantec.com/docs/HOWTO55094

If using Symantec Protectin Centre then need to check this article:

About setting up multiple Symantec Endpoint Protection domains in Protection Center

http://www.symantec.com/docs/HOWTO55364

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<