SEPM Replication Setup

book

Article ID: 177602

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Database replication best practice with Symantec Endpoint Protection Manager (SEPM).

Resolution

Q1: What is the maximum number of SEPM's I can have connected to a single database?
A1: Given the amount of time that it can take for a SEPM to replicate to the database can span several hours, for the greatest flexibility and with the goal of not swamping the database, 3 SEPM's per database has been found to be effective.
Detailed Answer: If it takes the average SEPM 2 hours approximately (No replication event will take exactly the same amount of time as the last one. Each event will vary due to the amount of data collected between events) to dump its data to the database, and the next SEPM is scheduled to dump its data to the database in the following hour, then there will be some overlap. The desired situation is to not have SEPM's overlapping in connecting to the database. So, with 24 hours in the day and that the amount of data generally increases on the SEPM over time, a window of 2 - 3 hours per SEPM results in 3 to 5 SEPM's having enough time to connect to the database without overlapping.

Q2: How long does replication take?
A2: That will depend on the size of the database as well as network links between the sites. You should do replication and see how long it takes and then schedule your replication-based at that time.
Detailed Answer: Ideally, the following items have been reviewed prior to the install of the database and each SEPM:

  1. The network links between the SEPM and the database have been tested for effective performance (Ask about the AppCritical test.) and worked on as required.
  2. The individual systems involved (SEPM's and the databases) meet or exceed the system requirements.
  3. The NICs on each system are relatively new and have the newest drivers installed.

After the physical hardware has been reviewed and determined to be performing satisfactorily, as these items can have a significant impact on the amount of time it takes for the replication to be accomplished, then setting up and observing one replication partner will be critical for planning purposes. Once a replication cycle has been observed and how long it takes to accomplish, then effectively scheduling the replication for each SEPM, without overlap, can be accomplished. See Q3 below for additional detail.

Q3: Is there a best practice or are there sizing concerns that are recommended for setting the frequency of replication?

A3: NOTE: Symantec provides this information as a general guideline. Conditions for every environment are different which may affect the overall performance of replication.

As in any replication environment, the interval of replication should be set so that overlapping replications are avoided. The larger the environment or the more data-intensive the replication, the larger the interval of replication should be. If the amount of data required by replication causes the replication time to exceed the interval of replication, severe performance degradation of the Endpoint Protection Managers can be expected.

To determine a good frequency for replication, observe how long it takes for a replication to complete by reviewing the System: Server Activity logs (SEPM -> Monitors -> Logs tab -> Log type: System -> Log content: Server Activity -> Time range: Past week -> View Log button). In these logs, the time of replication start and completion is logged and time-stamped. Make sure that this time from start to finish is always well below your configured replication interval. The least frequent manual setting for replication is one hour. Note: If Auto Replication is selected then replication may occur as frequently as every 2 hours.


Q4: What data is replicated?
A4: Policies, clients, and groups always get replicated. Logs ("Replicate logs from the local site to this partner site"), and packages and definitions ("Replicate client packages and LiveUpdate content between the local site and the partner site") are optional. Also, the initial replication will replicate the entire database, and then subsequent replications will only replicate changed data based on the USN number in the database and the items selected.