Press "Enter" to skip to content

Symantec Endpoint Protection Design and Architecture

0

SEP’s  Layers Protection Technologies


1: Network-based protection

Network Threat Protection:
■ Firewall
■ Protocol-aware IPS Virus and Spyware Protection:
■ Browser protection

2: File-based protection

Virus and Spyware Protection:
■ Antivirus engine
■ Auto-Protect
■ Bloodhound

3: Reputation-based protection

Virus and Spyware Protection:
■ Domain reputation score
■ File reputation (Insight)

4: Behavioral-based protection

■ Proactive Threat Protection (Virus and Spyware Protection policy): SONAR

5: Repair and remediation tools
Power Eraser:
■ Boot to clean operating system
■ Power Eraser uses aggressive heuristics
■ Threat-specific tools

6: Exploit mitigation

Generic Exploit Mitigation

7: Others

System Lockdown
Application control
Device control

Mgmt Failover and Load Balancing

Failover configurations are used to maintain communication when clients cannot communicate with a Symantec Endpoint Protection Manager. Load balancing is used to distribute client management between management servers. You can configure failover and load balancing by assigning priorities to management servers in management server lists.

You can install two or more management servers that communicate with one Microsoft SQL Server database and configure them for failover or load balancing. Since you can install only one Symantec Endpoint Protection Manager to communicate with the embedded database, you can set up failover only if you
Managing failover and load balancing replicate with another site. When you use replication with an embedded database, Symantec recommends that you do not configure load balancing, as data
inconsistency and loss may result.

By default, the management servers are assigned the same priority when configured for failover and load balancing. You can only configure load balancing when a site includes more than one management server.

Three methods to provide both load balancing and roaming:
■ Enable DNS and put a domain name as the only entry in a custom management server list.
■ Enable the Symantec Endpoint Protection location awareness feature and use a custom management server list for each location. Create at least one location for each of your sites.
■ Use a hardware device that provides failover or load balancing. Many of these devices also offer a setup for roaming.

Load balancing occurs between the servers that are assigned to priority 1 in a management server list. If more than one server is assigned to priority 1, the clients randomly choose one of the servers and establish communication with it. If all priority 1 servers fail, clients connect with the server assigned to priority 2.

Using different priority, mgmt server can do failover. If all mgmt servers are same priority, they are working on load balancing mode.

Typical Failover/Load balancing Design

One MS SQL server , not embedded version

Multiple Sites Design

Or using two embedded MS SQL servers with multiple Sites.

Replication enables data to be duplicated between databases on separate sites so that both databases contain the same information. If one database fails, you can manage each site by using the information on the database from the second site.

Replication partners can use either an embedded database or a Microsoft SQL Server database. If you use an embedded database, you can only connect one Symantec Endpoint Protection Manager. If you use the Microsoft SQL Server database, you can connect multiple management servers that share one database. Only one of the management servers needs to be set up as a replication partner.

Failover with different priorities
Load balanceing with same priority

For example, you may want to set up one site at your main office (site 1) and a second site (site 2). Site 2 is a partner to site 1. The databases on site 1 and site 2 are reconciled by using the replication schedule. If a change is made on site 1, it automatically appears on site 2 after replication occurs. If a change is made on site 2, it automatically appears on site 1 after replication occurs.

Leave a Reply

%d bloggers like this: