Endpoint Protection

We followed all of Symantec's instructions and best practices for load balancing our six SEPMs.

I would like to know two things:

1. Has anyone had success with actually load balancing SEPMs. And I don't mean if you are a Symantec employee?

2. If you had success with load balancing your SEPMs, did you use some third-party solution, such as Network Load Balancing, or DNS round robin.

I would love to hear about this. For the longest time, our SEPMs have not load balanced and when we open ticket with Symantec, we are yet to hear any solutions.

Kindly help!!!!!

P.S. And please don't say to upgrade to SEP 12.

Generally this is done with the Management server list, do you utilise this?

What are you seeing that's causing an issue?

We have configured the management server.

The thing that I see causing the issue is when I log into SEPM, click on Virus Definitions Distribution, a popup appears. I scroll down to "Virus Definitions Distribution" and see the following:

SEPM 1 - 40000 checking in

SEPM 2 - 15000 checking in

SEPM 3 - 12000 checking in

SEPM 4 - 10000 checking in

SEPM 5 - 20000 checking in

SEPM 6 - 12000 checking in

Symantec told us to update our Management server list and then push sylink, but this is not working.

That is why I am asking, has anyone successfully load balanced their SEPMs and if they used third party method, such as Network Load Balancing or DNS round robin.

Hi,

We didn't try with Symantec LB but we are planning to use Symantec LB after upgrading our SEPMs to RU7 MP2. So I can't answer your 1st question.

We have been using a phyisical Load balancer (Round Robin) in our environment and it is successful. Hope that answers your second question.

I opened a case with Symantec. I will re-phrase what they were explaining to me:

Even though Symantec has load balancing, and calls it load balancing, it is not load balancing, but instead, it is failover.

We have 6 SEPM and if there are 36 computers, they will all try to check into the first SEPM listed in the Management Server List (even if all 6 SEPMs are SAME PRIORITY).

So, if all 36 computers check into SEPM_1 on Monday, when they try to check into the SEPM servers again, they will first check into the SEPM they connected to on Monday, i.e. SEPM_1 (this value is stored on the computer checking in). If for some reason a computer is unable to check into the first SEPM, they will try to connect to SEPM_2, and if they cannot connect to SEPM_2, they will try SEPM_3, and so forth.

On Tuesday, if we have 34 computer checking into SEPM_1, and 2 computers checking into SEPM_2, then on Wednesday, those 34 computers will first try to connect to SEPM_1, and those 2 computer will first try to connect to SEPM_2. This is all based on a value that is stored on the computer, not the SEPM.

Our environment is such that, we cannot touch the computers checking into our SEPM, hence we need servers-side solution. So far, the Symantec Engineer has recommended a third party solution, either DNS round robin or Network Load Balancing device.

@ Ariv: There is a saying, "if it ain't broke, don't fix it". I would keep using the physical load balancer (Round Robin).

I could say it is working for me. But of course, not with the exact percentage for all. The balancing is based on randomization, so you can have 50-50 or 33-33-33, but close to it. You can disable the "use the last Group settings" to try to have them reconnect to different SEPMs.

You can disable the "use the last Group settings" to try to have them reconnect to different SEPMs.

Where do I disable this setting on the SEPM?

Clients tab -> Policies -> General settings