Hi,
I would like to answer your questions.
1) If I have 2 locations one is USA and other is Banglore then how I can consider the SEPM infra and client are 50000-1 Lakh. What is advantage of Liveupdate Administrator server over this Design. Also what are ideal disaster recovery (BCP plan) for this.
--> You should decide whether you want failover and replication between two sites or not?
If yes..then need to configure SEPM at each location.
If not then can have a GUP at each location & sub branches.
Liveupdate administrator is useful if having multiple SEPM's in the network and don't want each SEPM to go to the Internet to take the updates. LUA will go over the Internet and will pass on available updates to the SEPM's.
LUA is also useful if having multiple Symantec products. LUA can download multiple products updates over the internet.
2)If I am getting 1000 incident (infection of virus) in 5 min then how I should respond to this situation.What is primary focus to this incident management.
--> Probably in that case it can be a new threat. Try to find out source machine, what kind of infection it is, SEP taken actions. If SEP is not taking any action then log a Severity 1 case with Symantec to received immediate assistance. Symantec security response team can guide you further.
3)If My SEPM has all required ports and network configuration done and still It can't update the virus definition itself then what may be possibility.What is RCA of this,
--> Then need to identify what can be the possible root cause.
Take a help of this article in that case.
Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart
http://www.symantec.com/docs/TECH95790