Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Single or Multiple Management Servers?

Updated: 21 May 2010 | 4 comments
Justin I's picture
Justin I
0 0 Votes
Login to vote
This issue has been solved. See solution.

In searching through these forums I have found a lot of talk about management servers and client deployment.  I have been unable to find an answer to what I am looking for, which is:

-Should I use a Single SEPM and GUPs (for the smaller branches) or should I deploy multiple management servers?

-If Single/GUPs, what is the best method for deploying the clients to the branches?  Via SEPM over WAN link seems cumbersome and time consuming.

-If multiple, what is the proper way to install an addtional management server in a branch and have it connect to the same database that the corp SEPM uses?

Our setup is like this:

Corp - 250 Employees
20 or so branches - Ranging from 2 to 30 employees each.

I would like to be able to work on this over the weekend so if anyone could give me some advice, I would greatly appreciate it.  I have tried to deploy the client by copying ClientSupport.exe and supporting files to the branch server and this seems to work.  The problem is that I don't necessarily know the machine name of all computers in the branch and would like to be able to scan the subnet so I don't miss any.  I could do this from the corporate SEPM, but that would mean that several 64MB installs would be going across these small 1.5Mb WAN links and would take forever to accomplish.

Any guidance that you can provide is greatly appreciated!

Discussion Filed Under:
,

Comments

Sandeep Cheema's picture
18
Apr
2008
0 Votes 0
Login to vote
Sandeep Cheema

-Should I use a Single SEPM and GUPs (for the smaller branches) or should I deploy multiple management servers?
 
You may go for either of these, multiple SEPM's would give you the advantage of having failover and load balancing whereas the GUP's would be the clients that distribute the virus defs but do not have the capability to manage other clients.If you have roaming clients, then having multiple SEPM's would be an added advantage as you would be able to define the location to connect to if they are out of scope of the primary SEPM
 
what is the best method for deploying the clients to the branches? 
 
The best method in your case would be to create the package from the SEPM and then take that over to the branch office to be put on a share and then you may put in the login script for the clients.Alternatively you may write a simple script using PSexec and make that package run if the machine is turned on.As you said that you do not miss any, you may ping the clients in the script and if the errorlevel is not 1 you could go ahead and install the client on it with the exceptions of gateway or DNS or routers.Once installed, The client would connect to the manager from which the package has been prepared.
 
-If multiple, what is the proper way to install an addtional management server in a branch and have it connect to the same database that the corp SEPM uses?

 
When installing the additional management server, you would have to make it point to the existing SQL database for the "failover and load balancing"
 
 
 
 
 



Message Edited by Sandeep_Cheema on 04-18-2008 04:39 PM

De facto when AV does something, it starts jumping up and down, waving its arms, and shouting "Hey!  I found a virus!  Look at me!  I'm soooo goooood!"

SOLUTION
Piyush Jhunjhunwala's picture
18
Apr
2008
0 Votes 0
Login to vote
Piyush Jhunjhunwala
Symantec Employee

With Less than 30 users per branch its best to use GUP.
Ensure: 1.To enable GUP download updates from Symantec's LiveUpdate Server for failover 
2. Disable policy inheritance on the groups that will be using the GUP functionality since GUP does not provide content updates to child groups (subgroups) that inherit settings. Use at least one GUP per group.
 
Enable a client per group as unmanaged detector and use Find Unmanaged Computers to find missing clients.
Deployment can be done using Find Unmanaged Computers or a logon script as Sandeep mentioned.
Would not recommend use of multiple SEPMs due to bandwidth considerations.

Piyush Jhunjhunwala

| Technical Support Analyst | Enterprise Support ( Endpoint Security) |
| Symantec Corporation | www.symantec.com |

Justin I's picture
20
Apr
2008
0 Votes 0
Login to vote
Justin I

Thank you for the responses.  That helps a lot.

Now, I cannot seem to figure out how the unmanaged detector works.  How do I get the list of unmanaged computers that it dectects?  I saw mention of a security report in another post, but I don't see where this report is.  The only one I found was "Security Status Summary" under "Computer Status".

Again, thank you for your help.

Sandeep Cheema's picture
21
Apr
2008
0 Votes 0
Login to vote
Sandeep Cheema

I'll just paste the differences between the two here, It's explanatory:
 

Unmanaged Detector Basics

Be pro-actively notified (by setting a notification for "unmanaged computers". Also under the Security Status details from Start page in Symantec Endpoint Protection Manager).

Always running when enabled, coverage over time

Actions taken on unmanaged computers separate process

Find Unmanaged Computer Basics

On demand

Gets "a snapshot" of systems connected to the network when run

Possible to respond to unmanaged systems by deploying Symantec Endpoint Protection client (with login credentials)

 

Something that could be of use to you, to make things easier, here are the steps for creating an unmanaged client notification in the SEPM:

Open and login to the SEPM

Click Monitors

Click Notifications

Click Notification Conditions

Click Add

Select Unmanaged computers





Message Edited by Sandeep_Cheema on 04-21-2008 11:39 AM

De facto when AV does something, it starts jumping up and down, waving its arms, and shouting "Hey!  I found a virus!  Look at me!  I'm soooo goooood!"

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,017