Symantec Encryption Product Community

Hi All,

I need  suggestion from you all  experts for best practices for our Enterprize SEPM architectre. We have approx 50 Locations across India, few major 5-6  sites  we have between 400-700 clients having 4 to 8 MB Point to Point Leased line, rest all remote sites conneted with MPLS WAN link bandwidh of 1 MB for upto 60 clients and 2 MB for between 100-200 sytems.

What is the best practice I do for our enterprize for above 5 to 6 major sites and rest remote sites having systems, some have 20 , some have 50 some have 75-100 and some have 100-200 systems with 2 MB link. we have major Lotus Notes and SAP application in all sites connected with SAP server  with central HUB site.

Please sugget me either we should have dedicated High end server for small remote sites having sytems between 50-200 ,  and few sites having systems between 200-600  or update through GUP method to update defenition to clients or any method adopting best practices?

Please give your valualble suggestions from enterprize SEPM administrators  and Symantec  support also  for solution for our enterprize remote sites clients  SEPM architecture.I  will grateful for your valuable suggestions and guidelines.

Regards,

Ajay Singh

JIL Inforamtion Technology Ltd

ajay.singh@jalindia.co.in

Hi- First of all you can set the defintion download at single time on that group set at evening/night. Because too low work load at evening/night time. So it will help you.

Same is Remote location. So GUP is better solution to you. Because it consume limited bandwidth.

Thanks Sumeet,

for your feedback. Do we should be have dedicated server for remote site for small clints or in any application server GUP can be configured to update clients, how many clients will support GUP?

Regards,

ajay singh

what is your SEPM Version.

if you are using 11.0.6005 and high. Approx 1000 systems communicate with server

https://www-secure.symantec.com/connect/downloads/create-gup-symantec-can-help-conserve-bandwidth-clients-remote-location

Also one mor change you can add in that group that is

Go to policy in that group

select the communication setting

set the pull mode and time is approx 1 hour..

It will help you to balance the load of that Server which you are using as a GUP.

You can use any of Server as a GUP, but my advice is try to make that Server as a GUP which has too low work load. So that the memory utillization that server will be in balance.

At my locations I have made application server as a GUP Role and almost 800 systems are getting update threw that Server. all are daily update on timely.

Thanks Sumeet,

At Central site at present we have SEPM 11.0.7000 and going to Migrate with 12.1. having 8 GB with RAM and good Disk space. remote sites connected with 1 MB -8MB of WAN link. Remote site  other application server have also very good hardware. so what you suggest instead of dedicated SEPM we should configure GUP for remote sites system virus updation.in Central SEPM how many client can support to update clients?

Regards,

Ajay singh

Hi- Approx 5000 clients are connected threw SEPM in Embedded DB.

No Require the dedicate Server for Remote Location. You can use any Server as a GUP it will work.

How many clients you have??

Which DB is use there??

what kind of DB you will be using? will it be on SEPM?

how many clients will be reporting to SEPM?

check this link, this is must read for sizing and designing SEP

http://service1.symantec.com/SUPPORT/ent-security.nsf/383ed085ad1ed2c6882571500069b34d/18873ad6514d93b2882576cc0065df54/$FILE/SEP%20Sizing%20and%20Scalability%20Best%20Practices_%20v2.1_Final.pdf

Hi Pete,

At main central site SEPM we are using MS Sql database, and at present approx 1200 clients rreporting. And at our approx 30 remote sites we have separate Dedicated High end SEPM server,  some of them  have approx 30 clients, some of them approx 100 client and some of them between 200-500 clients reporting. At present scenario we deployed dedicated High End server for these sites  with 12 GB RAM and 250 GB of disk on each server. Approx 30 SEPM server for each site with embaded database. is is require to have seperate server of can we manage update of definiion through GUP through any other application server which has less load on it. Few sites we hav more in coming future should we go for new dedicated SEPM or can update remote sites through GUP , which will be any server at sites, for these less number of clients managed by central SEPM with SQL databae at head office?

above Sumit also suggested nicely to configured GUP to update site clients.

Regards,

Ajay Kumar Singh

ajay.singh@jalindia.co.in

30 SEPMs !!! its too much in numbers. Definetly you should go for GUP 's at remote locations.SQL can handle 50000 clients. 

As per your detail you can manage the Remote Location through GUP. It will definately Work..

Agree with Pete.. 30 SEPM's is a big number As adviced please use GUP's for your client machines.

Videos' on GUP

https://www-secure.symantec.com/connect/videos/group-update-providers-part-1

https://www-secure.symantec.com/connect/videos/group-update-providers-part-2

In my opinion you can go for LUA for big sites and GUP for small sites.

LUA can provide better virus definition distribution ratio while comparing to GUP, but planning it for smaller sites will create unnecessary traffic in the network. You can either install LUAs in each site or you can install one LUA in your central office and you can host the distribution centers in the sites.

Have a look at these articles.

Installation and configuration of LUA

https://www-secure.symantec.com/connect/articles/installation-and-configuration-lua

Configuring Distribution Center in LUA

https://www-secure.symantec.com/connect/articles/configuring-distribution-center-lua

You can also configure the download and distribution schedule to run on non-business hours as well.

Thanks all

for your valuable suggestion. I configured few sites now through GUP,  its updating regularly without any issues or bandwidth issue. its distributing three revision daily to clients through GUP , whenever through LUA its only one revision daily. thanks all.

Yay!

check this one too if this can be of some help

Sizing and Scalability Recommendations for Symantec Endpoint Protection Rev 2.3
http://clientui-kb.symantec.com/resources/sites/BUSINESS/content/staging/DOCUMENTATION/4000/DOC4448/en_US/1.0/Endpoint%20Protection%20Sizing%20and%20Scalability%20Best%20Practices_%20v2.3.pdf

Depending on how the sites are connected to each other, I would place SEPM at the main sites (>200 clients) and GUP at the smaller sites.  Thus I would have approximately 5-6 SEPMs and 45-44 GUPs. The GUPs would be distributed accross the major sites, hence balancing out the bandwidth usage.