Video Screencast Help

What is the Criteria to select Priority 1 servers

Created: 08 Oct 2012 • Updated: 26 Dec 2012 | 11 comments
irtezaahsan's picture
This issue has been solved. See solution.

Dear All, 

Can anyone tell me how clients select priority 1 servers in load balancing of SEPM ? 

Comments 11 CommentsJump to latest comment

Ashish-Sharma's picture

In this illustration, the servers are identified with the numbers 1 and 2, which signify a failover configuration. In a failover configuration, all clients send traffic to and receive traffic from server 1. If server 1 goes offline, all clients send traffic to and receive traffic from server 2 until server 1 comes back online. The database is illustrated as a remote installation, but it also can be installed on a computer that runs the Symantec Endpoint Protection Manager.

Managed Load Balancing: Setting up Management Server Lists based on locations in Symantec Endpoint Protection Manager

Configuring failover and load balancing for Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=HOWTO26806

http://www.symantec.com/business/support/index?page=content&id=TECH104582

Installing a Symantec Endpoint Protection Manager server for failover or load balancing

http://www.symantec.com/business/support/index?page=content&id=HOWTO17968

check this thread

https://www-secure.symantec.com/connect/forums/sepm-failoverloadbalancing-embeded-database

Thanks In Advance

Ashish Sharma

 

 

Chetan Savade's picture

Hi,

Management Server Lists are primarily used for failover scenarios, where Symantec Endpoint Protection Manager (SEPM) servers are assigned a priority so that if the primary SEPM goes down, the clients know to contact a secondary SEPM. When the preferred SEPM comes back online, the clients will move back to it since it has a higher priority. However, when configured in conjunction with Location Awareness, "managed" load balancing of Symantec Endpoint Protection (SEP) clients can be achieved. In other words, one can control which SEPM a client connects to based on the client's proximity to the nearest SEPM server.

The reason this is considered "managed" load balancing is because the control over where the clients report is based on configured polices rather than allowing SEPM to automatically

If you add multiple Symantec Endpoint Protection Managers at the same priority, then clients and optional Enforcers can connect to any of the Symantec Endpoint Protection Managers. Clients automatically balance the load between available Symantec Endpoint Protection Managers at that priority. You can use HTTPS protocol rather than the default HTTP for communication. If you want to secure communication further, you can customize the HTTP and HTTPS port numbers by creating a customized management server list. However, you must customize the ports before clients are installed or else the client-to-management server communication is lost. If you update the version of the Symantec Endpoint Protection Manager, you must remember to re-customize the ports so that the clients can resume communication.

Load balance based on numbers of clients. By default, multiple SEPMs will balance all of the clients between themselves.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

irtezaahsan's picture

Let suppose if there are two Priority 1 Servers for load balancing , how clients would know to choose the first or second server , is there any criteria to connect with any of these servers or they just randomly establish there connection with servers 

SMLatCST's picture

The clients randomly pick from all the names and IP addresses of the same priority within an MSL.  Becasue this is based upon a random number generator, there is the possibility that the numbers will be uneven, but usually there's a balanced spread across all the entries of the same priority.

#EDIT#

This is also the reason why you will randomly see some clients report they are connected to the SEPM by it's IP address, while others say the hostname, and further others say the FQDN, when you use the Default Management Server list (which list all three methods of identifying the SEPM by default in SEP12.1).

Ashish-Sharma's picture

Load balancing occurs between the servers assigned to Priority 1 in a Management Server list. If more than one server is assigned to Priority 1, the clients randomly choose one of the servers and establish communication with it. If all Priority 1 servers fail, clients connect with the server assigned to Priority 2

Reference:

https://www-secure.symantec.com/connect/forums/failover-concept

Thanks In Advance

Ashish Sharma

 

 

Chetan Savade's picture

Yes, they will randomly establish there connection with servers.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mohan Babu's picture

You cannot set priority 1 and 2 in Load balancing. Both the servers under priority 1.

Clients will connect to the SEPM's randomly to both the servers.

But in Failover its applicable to set priority 1 & 2 and clients will connect to Priority 1 and if they failed to connect to priority 1 then it moves on to Priority 2.

 

 

///////////////Hope this helps////////////////////

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)

Mithun Sanghavi's picture

Hello,

In a failover configuration, all clients send traffic to and receive traffic from server 1. If server 1 goes offline, all clients send traffic to and receive traffic from server 2 until server 1 comes back online.

Load balancing occurs between the servers assigned to Priority 1 in a Management Server list. If more than one server is assigned to Priority 1, the clients randomly choose one of the servers and establish communication with it. If all Priority 1 servers fail, clients connect with the server assigned to Priority 2.

Load balancing servers

Load balancing is used to distribute client management between management servers. 

Servers in the Management Server List that have the same priority are load balancing servers. When clients connect to the servers, they are distributed between the available servers with the same priority in order to distribute the load evenly. For example, if there are two servers with priority 1, the clients will be distributed between those two servers.

Only servers at the same site should be configured with the same priority level in the Management Server List. If management servers from different sites have the same priority, they are treated as load balancing servers. This causes clients to switch between different sites, and incurs the risk of data inconsistency.

Combining failover and load balancing

You can configure failover and load balancing by assigning priorities to management servers in Management Server Lists. Load balancing occurs between the servers assigned to the highest priority in a Management Server List. Servers with lower priority are failover servers. If more than one server is assigned to Priority 1, each client randomly chooses one of the servers and establishes communication with it. If all Priority 1 servers are unavailable, clients connect with the failover servers that are assigned to Priority 2.

If you use the Embedded DB instead of Microsoft SQL, only one manager can be added to each site. In this case, only replication partners are available to use as failover and load balancing servers. Note that this does incur the risk of data inconsistency.

Reference: http://www.symantec.com/docs/TECH104519

https://www-secure.symantec.com/connect/forums/failover-concept

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Seyad's picture

Hi irtezaahsan,

I believe that, if load balance is configuted, its not the clients that determine to which SEPM it should report to. Rather its the SEP Manages that determines it based on the number of clients.

In article TECH104582 it reads as follows:

The reason this is considered "managed" load balancing is because the control over where the clients report is based on configured polices rather than allowing SEPM to automatically load balance based on numbers of clients. By default, multiple SEPMs will balance all of the clients between themselves.
 

The statement in block letters refer to how load balance works by default.

 

Let me know if that helps. Cheers

Ashish-Sharma's picture

HI,

Did you have received your answer ?

Thanks In Advance

Ashish Sharma

 

 

Ferrarium_2's picture

Its more than clear answered by Symantec staff. Thank you. Very good explanation.