One of the great improvements and features of Symantec Endpoint Protection is location awareness. It allows for very good administration and security configurations. You can, for example, assign each of your subnets or IP address ranges to a specific Symantec Endpoint Protection Manager (SEPM) server to fetch updates from. This saves bandwidth and provides high availability to all your clients. You can have multiple sites that connect to a specific server.
Another option is to define locations such as Office, VPN and Outside. This allows you to assign different firewall and security settings to each location in order to really protect the clients. You could allow all traffic while the machine is within the corporate network, but apply high firewall settings and allow no web surfing when it is not. This would require all machines to connect through VPN, with no other traffic allowed besides traffic into the corporate network. You can also specify that all web connectivity has to go through the corporate firewall or proxy.
The location-based approach also gives you the opportunity to combine both previous scenarios: assign different SEPM servers to specific IP ranges inside the network, and have two additional locations such as OutofOffice and VPN which contain the high security settings discussed earlier.
The last scenario is in my opinion the best option simply because it gives you the best redundancy and flexibility as well as letting you save on bandwidth.
Essentially, if you have several locations in a country that are well connected, but slow links between the countries and the head office, for example, you could have one SEPM server located in each country and one wherever your VPN entry point is. Then have the SEPM servers replicate once or twice a day with the head office. Symantec releases new definitions twice per day, so you could synchronize your replication with that schedule and get new definitions to your clients within one hour of their official release. The one-hour allowance is there because you also have to take into account the building of the new definitions after they are downloaded. Symantec provides only complete sets and packages. These are then built by the SEPM servers for the different architectures, since it would take too much time and space for Symantec to do this.
Overall, while the “1.0” launch of SEP, and especially of the SEPM servers, was rather rocky and there were plenty of issues, the current stable version (Maintenance Release 2 Maintenance Patch 1) is actually very stable and works very well even in environments with low bandwidth but many clients.