Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEPM desing for large environment

Created: 03 May 2012 • Updated: 11 May 2012 | 13 comments
This issue has been solved. See solution.

Hi All,

I want suggestion from all of forum friends about the design of SEPM for large environment. I have a scenario for up to 2 million clients e.g., north , south, east and west part of globe or country, in each part there would be so many sites , where the number of client would be apprx 200-300. So for these total number of client would be approx 2 million total. There would be good WAN connectivity between sites.

So please suggest me the what type of architecture would be for these number of clients and how may SEPM servers, SQL Server, Failover server, or Replication servers would be reqd. Either single SEPM server would be sufficient for these clients with failover server, SQL server would be on different server or installed in both SEPM, on primary SEPM or failover SEPM. If I installed SQL on different server, in that case I also require additional SQL server to consider in case of fail of SQL server, If I install SQL on both SEPM , first will be primary SEPM and second will be failover which will define on client priority list on SEPM and with replication partner , if one goes down automatically clients will move to failover SEPM so downtime would be Zero.

to update clients on site I will configure GUP on SEPM for that site which would be any one Sever of site which will act as GUP, and to update central site both SEPM I will have two scenario, First I will update SEPM through Symantec Live Update and Second it will update through internal LUA also so for LUA I require one more Server for LUA. Now as I assume total number of server would be only 3 and If I install SQL separately then 2 more server reqd for SQL with failover of SQL.

In that case to manage these millions of clients I require only 2 Servers for SEPM 1 Server of LUA and 2 SQL server for Database. If SQL on both SEPM then only 3 Servers enough for design.

I have describes the scenario above , please suggest me the best design for millions of clients, the update method of site clients, either GUP or through LUA? sites under these 4 region how many groups can be added? I will welcome suggestions all of you.

I have gone through the documents also for SEPM design,

Comments 13 CommentsJump to latest comment

W007's picture

hi Ajhay,

Kindly check attached url.

this is latest Symantec Endpoint Protection (SEP) Sizing and Scalability recommendations best practice

http://www.symantec.com/business/support/index?page=content&id=TECH123242

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

mon_raralio's picture

2 million clients is hard to manage if there would be only one administrator. If possible, I'd recommend to separate the clients into easily managed groups. Start with dividing it by region. They would be separate from each other. I'm also assuming that there would be varying policies between subnets. And in each server, they would be handling 50k clients. Replication would only be per region between 2-4 servers. So that would mean somewhere between 80 to 100 servers (SQL server not included). Administrators would be assigned a few of these to manage. And one can create a policy and send it to the rest of the team.

If you still want to centrally manage them from a single point, it would slow down the network since clients would still be required to communicate to the SEPM server to submit the logs and recieve policies with clients connecting to the server on a minimum of 1,389 clients per minute.

I wouldn't recommend assigning servers to clients at the maximum capacity.

“Your most unhappy customers are your greatest source of learning.”

pete_4u2002's picture

check this link

Symantec Endpoint Protection (SEP) Sizing and Scalability recommendations

http://www.symantec.com/docs/TECH123242

for remote locations you can configure GUP.

ajhay.siingh's picture

HI Mon,

Actually it was mistake by me, two milliion means its upto .2 millions or 200000 clients. With SQL server, how many maximum number of clinets can supported by SEPM. Actually the sizing and scability documents it is shown the range but not defined what is the maximum capacity to support clients, upto 100,000 or 1,50000 clietns or more.

 

if any documents linkd pleae provide. As pete suggested for large number of clients we should go for GUP. it can support to update upto 10000 clients, 

whay type of architecure will u design if above scenario u will have.

 

Regards,

Ajay Kumar Singh (Consultant- Information Security)

 

 

mon_raralio's picture

I'd still go with what I recommend and what the others recommend - just scaled down. Since each SEPM database can handle 50k, I'd divide them into groups of 40k units or less for allowance. 2 servers minimum for each group for load balancing or failover. Then assign a GUP per location or more. Depending on the bandwidth of each node, you may want to add some more GUP servers. Each admin would handle 50k max of clients. And a central admin can create and send out the policies. He can have his own SEPM on a test environment for that. This is crucial for a large scale deployment. We can't risk deploying the wrong policy and cutting off the wrong services.

Also, getting additional support from Symantec's services would definitely help in the long run. :)

Cheers

“Your most unhappy customers are your greatest source of learning.”

pete_4u2002's picture

sql server supports 50 K clients . have the clients in the pull mode. Have SEPM s in LB .

I will say one infra ( 2 SEPM's connecting to 1 SQL) at each region ( assuming the client distribution is same across each region. Hence you will have 4 regions connected by replication for central reporting.

remote locations with GUP.

Cameron_W's picture

If you are going to be managing several 100 thousand clients you may also want to consider Business Critical Support (BCS) so you can have a dedicated symantec support contact. I would recommend speaking with your sales engineer on this support.

If I was able to help resolve your issue please mark my post as solution.

Beppe's picture

Hi,

for 200,000 clients, I recommend you to get in contact with a Symantec solution architect, please contact your sales contact.

Regards,

Giuseppe

ajhay.siingh's picture

Hi All,

Is there any symantec docuent which describe the SEPM with SQL sizing etc? I searched unable to find.

Regards,

Ajay Kumar Singh (Consultant- Information Security)

 

 

pete_4u2002's picture

this is the one you should look at

Symantec Endpoint Protection (SEP) Sizing and Scalability recommendations

 http://www.symantec.com/docs/TECH123242

 

mon_raralio's picture

Hi Ajhay, for the documentation required, look no further than the links provided by the Symantec Employees found in this thread.

If you require information that is not available in the PDF file, post it here or try to get in contact with the Symantec Solutions Architect. This will ensure that you will deploy at the minimum cost on resources while maximising the effectiveness of the SEP product.

Cheers.

“Your most unhappy customers are your greatest source of learning.”

ajhay.siingh's picture

HI all,

Thanks Raralio and other forum members for suggestion. In practically for .2 million clients requires Solution archtect help to design. So It was an Idea for if any requirements comes what would be the architecture for these large number of clients, As I go through the sizing and scalability document suggested by Pete,Manish and other forum friends also, I confirm that with SQL server up to 50000 clients can support and for remote site clients configure GUP for definition update only and clients will keep reporting to SEPM for policies.

Here as I understood the best design setup for large clients. I will welcome your feedback if any changes.

Ideally as suggested by Romalio and by Symantec documents the best practices is that for large clients, divide  clietns locations to zone, e.g., North, South, East, West. Each Site will have 1 SEPM server of managing up to 50000 Clients, Same site 1 more SEPM for failover with replication, and for definition update of SEPM, if internet configured it will update from direct Symantec Live update server and later SEPM will  keep updating to site GUP servers then their clients by GUP. If internet not connected to SEPM than configure LUA server to update SEPM.

Here one querry raise for local site there would be failover server up to 50000 clients, can these 4 zone SEPM server can replicate to any central server to manage centrally. Not manually connectible all zonal SEPM for administration?

And as far as Servers reqd for up to .2 million clients total 8 SEPM server reqd for 4 zones, 2 servers each zone.

for this setup obviously better to get solution by Symantec Solution Architect , but before this please share your opinion about my above design plan as some suggestion by you all forum friends, if any changes reqd?

Regards,

Ajay Kumar Singh (Consultant- Information Security)

 

 

pete_4u2002's picture

sounds good! however involving consulting services of Symantec and BCS support for implementation should be considered.