Endpoint Protection

 View Only

  • 1.  SEP server installations and performance

    Posted Sep 04, 2009 09:56 AM
    The question I would like ask is whether it is a good idea to have one SEP server installation for two locations (one a child domain of the main parent domain).

    The locations are set in Europe and the US with the parent domain in the US - and there are the following constraints:

    - The maximum bandwidth between Europe and the US is 2mb with bursts up to 3mbit
    - US ~400 installations, Europe ~100 installations
    - US and EUROPE are connected through a permanent VPN tunnel

    Key questions:

    - is it feasible to have one quarantine and update server in the US and suffer no lags in Europe?
    - what traffic do SEP clients generate between them and the server
    - what are the advantages of having one main server installation (besides centralised management)?

    Hope someone can recommend based on past experiences.






  • 2.  RE: SEP server installations and performance

    Posted Sep 04, 2009 10:18 AM
    Top 10 Symantec Best Practices - Deploying Symantec Endpoint Protection Architecture
    http://service1.symantec.com/support/ent-security.nsf/docid/2009012721190648?Open&seg=ent


  • 3.  RE: SEP server installations and performance

    Posted Sep 04, 2009 10:22 AM
    You can have one SEPM in US
    Replication between US and Europe( SEPM in europe too)

    1) is it feasible to have one quarantine and update server in the US and suffer no lags in Europe?

    Yes , the main us sepm will downlaod defs and will replcated to Europe

    2) Its the heart beat u need to consider

    what traffic do SEP clients generate between them and the server

    https://www-secure.symantec.com/connect/forums/heart-beat

    check prachands comment this is what the size of heard beat would be


    3)what are the advantages of having one main server installation (besides centralised management)?

    cenralized is the utilmate goal..you can have failover too with mutiple sepm..in any case one goes down
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008032810341548

    let me know if you have any further questions





  • 4.  RE: SEP server installations and performance
    Best Answer

    Posted Sep 04, 2009 10:31 AM

    - is it feasible to have one quarantine and update server in the US and suffer no lags in Europe?
    In SEP 11 , the SEPM also servs the purpose of the quarntine server  along with the update server, there is no need to have a seperate quarantine server

    - what traffic do SEP clients generate between them and the server
    HTTP .

    For 100 clients in Europe and heart beat set at 5 mins

    The size of the heart beat is about 2-3 KB/s( the heart beat will carry the policy)

    If the heart beat is 5 min ,The heart beat happens 12 times an hour
    So for 100 clients in 24 hrs it should be = 100*24*12*3 = 86400 = 84.4 mb ( WAN)
    Apart from this there will be daily updates and they will be around 200- 300 kb
    I may be 4 times a day or once in a day,
    so for 100 cleints over the  VPN 4 times  a day = 300*4*100= 120000 = 120 mb


    - what are the advantages of having one main server installation (besides centralised management)?
    if you have one SEPM with a GUP setup in Europe , it will minimize the bandwidth a huge extent

     



  • 5.  RE: SEP server installations and performance

    Posted Sep 04, 2009 10:39 AM
    @Rafeeq @Prachand Thank you both for the links and explanations.