
SEPM configuration for geographically separated sites

Updated: 30 Jun 2011 | 13 comments
MLSDC
This issue has been solved. See solution.

Hi,

Don't know if anybody can answer this question here, but I'm having some trouble configuring SEPM. We have a company that consists of one HQ and 5 other sites connected through dedicated lines.

Now I would like to configure SEP in a way that we have 1 SEPM (in the HQ) that downloads virus defs from Symantec and distributes them to its clients and the other SEPMs in the 5 sites. In their turn, the other SEPMs will distribute their virus defs to their clients.
I've included a small Visio drawing to clarify my point.

The question is: how do I configure SEPM for this setup?
- do I create a separate site in SEPM for each geographical site?
- do I need to install a LiveUpdate server in the HQ for the other SEPMs to download their defs from?
- ...

I hope you understand my question... :)

Thanks in advance.

Comments

Vikram Kumar-SAV to SEP, 19 Mar 2010

The most important question over here would be how many clients you have in each location.
A GUP (Group Update Provider) can be used in this scenario. A GUP can handle up to 1000 clients, but practically up to 500-600 clients.

However, if you want it your way, then

You can have 1 main SEPM and install 5 replication partners to this SEPM and replicate content (definitions)

or
Install the first SEPM with SQL
and install the remaining 5 SEPM consoles as failover/load-balancing SEPMs.

MLSDC, 19 Mar 2010

GUP

Hi Vikram,

Each site will contain no more than 500 clients.
So I don't really need extra SEPMs in the sites? Can these GUPs also work as a SEPM in case the SEPM in the HQ breaks down?

Thanks

AravindKM, 19 Mar 2010

For 500 clients, in my opinion, it is better to keep a separate SEPM. If the SEPM is not working, the GUP also will not work.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM, 19 Mar 2010

Do as follows:
Install the first SEPM (HQ) as the first site.
Install all other SEPMs as replication partners. Refer to the link below:
How to install the Symantec Endpoint Protection Manager(s) for replication.
Remove replicating client packages and LiveUpdate contents.
Install one LUA at HQ and point all SEPMs to download from this LUA.
Note: This will be a good setup if you are having more clients. If you are having only a few clients, go for GUP.
Symantec Endpoint Protection 11.0 Group Update Provider (GUP)


Prachand, 19 Mar 2010

With SEP RU5 the GUP can support up to 10000 clients.

It is really good to see that the SEP architecture is already designed, but make sure that your WAN link is capable of handling the traffic.

If bandwidth is a concern, then go with this architecture:

SEPM on the main sites installed with Failover
Create 5 groups in SEPM corresponding to each site and designate a GUP locally.

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

MLSDC, 19 Mar 2010

Hi,

Thank you all for the fast replies. I will try to go through the documentation you provided.
The infrastructure of the HQ is already installed and operational.

-edit-

If I am correct, a GUP is just a client on a workstation that forwards the defs to other clients?

In the GUP documentation I find:

Scenario that will be addressed by adding a GUP
Customers with Branch offices

Think of situations where you would use a Secondary Server in Symantec AntiVirus 10.x, but where this was not an ideal solution. Typically a branch office.

The office has from 2 to 20 computers, often toward the lower number. One of these computers may be a server (A pharmacy or a grocery store for example), or there may only be workstations, as in banks. The network to the branch office does not have a large amount of bandwidth. This is what drives the need to proxy identical content.

In Symantec AntiVirus 10.x some customers might use a Secondary Server in this situation; however, secondary servers with clients download an "XDB" file to provide virus definitions for the clients. The "XDB" file is around 12 MB in size, sometimes larger. The secondary server sends the clients a file with changes to the definitions at a size of 50 KB to 100 KB. The arithmetic is against the secondary server scenario or any automatic download of full content by the GUP. A secondary server would download far more content over the small amount of bandwidth than all of the clients combined. Break-even is around 200 computers.

AravindKM, 19 Mar 2010

Yes, you are right.
Go for a separate SEPM in each branch.
Please refer to my earlier post.


MLSDC, 19 Mar 2010

Thanks.

MLSDC, 19 Mar 2010

replication server

Hi,

I'm trying to install a new SEPM server for replication with this document:
http://service1.symantec.com/support/ent-security.nsf/docid/2008091703483748

At the end it asks me to initialize the DB. This will clear all existing data.
Does a replication server need its own DB? Isn't it possible just to use it to distribute virus defs and use just one DB?

Is there some documentation about what a replication server exactly is/does?

thx.

AravindKM, 19 Mar 2010

Does a replication server need its own DB?

Yes.

Is it possible just to use it to distribute virus defs and use just one DB?

Possible, but not recommended, because your DB server is not present in the same local LAN.

A replication server will do the same functions which a main SEPM does.

At the end it asks me to initialize the DB. This will clear all existing data.

Do you run the management server configuration wizard more than one time?


Vikram Kumar-SAV to SEP, 19 Mar 2010

Yes, for that you will have to install 1 SEPM on SQL, then install the other SEPMs as failover/load balancing.


About Load Balancing and Failover Clustering in Symantec Endpoint Protection 11.0

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008032810341548

d-doug, 19 Mar 2010

Been there myself

Running with 6 SEPMs puts you close to the practical limit on SEPMs per tech support. I once had 27 SEPMs and SEP threw up all over itself. I was told 5 is a practical number of SEPMs and the max was something like 8. Running 6 SEPMs will put a heck of a load on your WAN as they talk to the database. They are very chatty.

I strongly urge you to use SEPMs at your HQ and GUPs at your satellite locations. The clients will still talk to the SEPMs for their "marching orders" (~5k of traffic per client per heartbeat) and get updates (big amounts of traffic) from a localized GUP. Increase the client heartbeat to 3 hours or more to minimize impact to your WAN.

That's my 2 cents
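
The traffic figures quoted in this thread (12 MB full content, 50 KB to 100 KB deltas, ~5k per client per heartbeat, a 3-hour heartbeat), worked through as an added example that is not part of any post and not Symantec code. The `Site` model and function names are hypothetical, and it assumes one definition update per day and a GUP that fetches each delta across the WAN once:

```python
"""Added example: daily WAN load for one branch site under three update-distribution modes."""
from dataclasses import dataclass
from math import ceil

KB, MB = 1024, 1024 * 1024

@dataclass
class Site:
    clients: int
    heartbeat_hours: float = 3.0    # "Increase the client heartbeat to 3 hours or more"
    heartbeat_bytes: int = 5 * KB   # "~5k of traffic per client per heartbeat"
    delta_bytes: int = 100 * KB     # quoted doc: 50 KB to 100 KB change file per client
    full_bytes: int = 12 * MB       # quoted doc: "XDB" file of around 12 MB
    updates_per_day: int = 1        # assumption: one definition update per day

def heartbeat_load(site: Site) -> int:
    """Bytes per day of heartbeat traffic; always crosses the WAN to the HQ SEPM."""
    return int(site.clients * (24 / site.heartbeat_hours) * site.heartbeat_bytes)

def content_load(site: Site, mode: str) -> int:
    """Bytes per day of definition content crossing the WAN for one site."""
    per_update = {
        "direct": site.clients * site.delta_bytes,  # every client pulls its delta from HQ
        "gup": site.delta_bytes,                    # assumption: GUP fetches identical content once
        "full": site.full_bytes,                    # local server pulls the full content set
    }[mode]
    return per_update * site.updates_per_day

def daily_wan_bytes(site: Site, mode: str) -> int:
    """Heartbeat plus content traffic per day for the chosen distribution mode."""
    return heartbeat_load(site) + content_load(site, mode)

def break_even_clients(site: Site) -> int:
    """Smallest client count at which per-client deltas outweigh one full download."""
    return ceil(site.full_bytes / site.delta_bytes)

if __name__ == "__main__":
    for n in (20, 500):
        site = Site(clients=n)
        for mode in ("direct", "gup", "full"):
            print(f"{n:>4} clients  {mode:<6} {daily_wan_bytes(site, mode) / MB:8.2f} MB/day")
    print("break-even:", break_even_clients(Site(1)), "to",
          break_even_clients(Site(1, delta_bytes=50 * KB)), "clients")
```

With these inputs the break-even lands between 123 and 246 clients, which brackets the "around 200 computers" in the quoted documentation; at 500 clients the heartbeat traffic alone is larger than a single full-content download.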