Endpoint Protection

Hello,

I can have several SEPM servers in a Priority of my Management Servers List. This is viewed as a Load balancing for clients..

However, support tells me that when a client is connected to a SEPM, it won't try the other ones of the list until a failure when connecting to this SEPM.

=> Is it right ?

=> How to do a load balancing process for the SEP clients (excepted the usage of several Management servers list policies)

Thanks in advance

Regards

You might want to check this link for your referrence:

http://www.symantec.com/business/support/index?page=content&id=TECH94122

Best Regards,

You can install two or more management servers that communicate with one Microsoft SQL Server and configure them for failover or load balancing. Failover configuration causes one server to pick up the client communications load if another server becomes unavailable. Load balancing configuration causes servers to share the client communications load and automatically implements failover if one of the servers goes offline.

About failover and load balancing

Managed Load Balancing: Setting up Management Server Lists based on locations in Symantec Endpoint Protection Manager.

About installing and configuring Symantec Endpoint Protection Manager for failover or load balancing

Installing a Symantec Endpoint Protection Manager server for failover or load balancing

Hi,

Please check this links.

SEPM Failover/Loadbalancing - Embeded Database

https://www-secure.symantec.com/connect/forums/sepm-failoverloadbalancing-embeded-database

Configuring failover and load balancing for Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=HOWTO26806

Setting up failover and load balancing

http://www.symantec.com/business/support/index?page=content&id=HOWTO55323

How to create SEPM failover

https://www-secure.symantec.com/connect/forums/how-create-sepm-failover

=> Is it right?

Yes this is correct

=> How to do a load balancing process for the SEP clients (excepted the usage of several Management servers list policies)

Easiest way to do it is setup 7 groups within your SEPM and put the machines you want serving by different SEPMs in to the different groups. Then go to Policies > Policy components > Managment server list and create 7 policies with the SEPM's as first priority you want for each group and allocate the specific policy to each group. This will get the machines in those groups to check into the specific SEPM required as a priority. You can set the other SEPM's as backups in case the main ones are down. 

Hello,

So no real Load Balancing... So bad...

If I have a Mangement servers list with 3 servers, do the clients will always try to connect at the upper one in the list ? And if not, second and then third ?

What are the reasons that can force a client to change its SEPM server excepted if SEPM is down ? And excepted usage of several groups with several policies...

To change the SEPM server of a client, is the replace of sylink.xml localy the only solution ?

And finaly, is the DNS Loda Balancing the only way to have a real SEPM balancer for clients ?

Rgds

Hi look into the below links:

SEPM Failover/Load balancing - Embedded Database

http://www.symantec.com/connect/forums/sepm-failoverloadbalancing-embeded-database

Setting up failover and load balancing

http://www.symantec.com/business/support/index?page=content&id=HOWTO55323

How to add "Replication Partners" and Schedule Replication

http://www.symantec.com/docs/TECH104986

Hello,

Can someone give me information regarding these points ?

Thanks in advance,

Regards

on which points you require information???

Hello,

And finaly, is the DNS Loda Balancing the only way to have a real SEPM balancer for clients ?

=> Is this supported by Symantec ?

Yes

Other options
In addition to the functionality provided by the Management Server List, the following third-party options are available for implementing load balancing or failover clustering:

• Configure a DNS round-robin, where the IP addresses of your Management Servers are all linked to the same DNS name; Add that DNS name as the only entry in a custom Management Server List.
• Use a hardware device that provides failover or load balancing

http://www.symantec.com/business/support/index?page=content&id=TECH104519

Sooo, going back to your first post, the support guy is correct to a point.  I'd recommend checking out the below article:

http://www.symantec.com/docs/TECH213147

It essentially says that when clients receive a MSL with multiple SEPMs of the same priority, they will initially load balance (pick one at random) between them.  Once they've connected to one however, the clients will usually reuse the same SEPM again and agin until there is a problem and fails to connect.  If it fails to connect, then it will randomly pick another SEPM of the same priority again.

What the article also says is that you can make a simple reg change on your clients so that they always randomise which SEPM to connect to.

In a "multiple SEPMs connecting to single DB" environment, the priority assignments in the Default Management Server List should already have all SEPMs of the same priority, so you really shouldn't have to do anything other than change the regkey identified in the article.

Note how this is purely based off of the clients randomly picking a SEPM, and is not true load-balancing (the SEPMs don't talk to each other to say how many clients they're handling at any one time and shift clients around).  The maths is in your favour that the it should approximate an even distribution, but is not guaranteed.

To add to my post, it's also worth noting that according to the below article, the clients will automatically ignore the "last used SEPM" registry every 24 hours or so, and choose a SEPM anew anyway:

http://www.symantec.com/docs/TECH92879