Endpoint Protection

  • 1.  SEPM replication concept and analogy

    Posted Oct 08, 2012 08:57 PM

    Hi,

    I have two SEPMs installed in different VLAN / DMZ zones (SEPM-I internal and SEPM-E external), and I have configured replication between those two servers. I only selected "Replicate Client packages and LiveUpdate content" between local sites and partner site. Does that mean any changes that I make in either one of those SEPMs will be reflected on the other SEPM?

    So the behaviour is like AD domain controllers?

    CMIIW?



  • 2.  RE: SEPM replication concept and analogy

    Broadcom Employee
    Posted Oct 08, 2012 09:09 PM

    It means the contents and packages are replicated from the site to the remote site, unless you have checked the other option, content from remote to local.

    As a best practice it need not be checked, as a lot of bandwidth is consumed.

    This should answer your question:

    The Philosophy of SEPM Replication Setup:

    http://www.symantec.com/docs/TECH93107



  • 3.  RE: SEPM replication concept and analogy

    Broadcom Employee
    Posted Oct 08, 2012 09:22 PM

    Adding another helpful link:

    Replication and considerations

    http://www.symantec.com/connect/articles/replication-and-considerations



  • 4.  RE: SEPM replication concept and analogy

    Posted Oct 08, 2012 09:46 PM

    Hi,

    It's not suggested to have content and packages replicated. You may need to uncheck these. Configure both SEPMs to download from Symantec LiveUpdate or the internal LiveUpdate.

    Replication and considerations

    http://www.symantec.com/connect/articles/replication-and-considerations

    Symantec Endpoint Protection Manager Replication Workflow

    http://www.symantec.com/business/support/index?page=content&id=TECH172181

    Check this thread

    https://www-secure.symantec.com/connect/forums/best-practice-sepm-live-update



  • 5.  RE: SEPM replication concept and analogy

    Posted Oct 08, 2012 11:35 PM

    Ashish,

    The reason I'm doing this is for security purposes only; bandwidth is not an issue, as we have an unlimited dark fibre link between SEPM sites.

    SEPM-I has a firewall rule to allow LiveUpdate download to the Symantec internet site while the SEPM-E server doesn't, so it grabs all of the updates from SEPM-I.



  • 6.  RE: SEPM replication concept and analogy

    Broadcom Employee
    Posted Oct 09, 2012 12:30 AM

    OK, you may also consider having LUA at the other site, where SEPM cannot reach the internet. If this can be accomplished, then you can stop replication of content and packages.



  • 7.  RE: SEPM replication concept and analogy
    Best Answer

    Broadcom Employee
    Posted Oct 09, 2012 02:43 AM

    Hi John,

    "Replicate Client packages and LiveUpdate content" between local sites and partner site, does that means any changes that I made in either one of those SEPM will be reflected on the other SEPM ?

    --> No, it's not 100% correct.

    If you look at this article, https://www-secure.symantec.com/connect/articles/replication-and-considerations, you will see a picture stating what is optional and what is mandatory.

    By default, when you make any changes in policy and groups, the changes are bidirectional; they will be replicated on both servers.

    Client Packages and content updates are optional bidirectional.

    Logs are optional bidirectional or unidirectional.



  • 8.  RE: SEPM replication concept and analogy

    Broadcom Employee
    Posted Oct 09, 2012 09:15 PM

    Does the above thread answer your question?



  • 9.  RE: SEPM replication concept and analogy

    Posted Oct 10, 2012 01:09 AM

    Cool, thanks everyone for your prompt response.