Endpoint Protection

 View Only
Expand all | Collapse all

What is the Criteria to select Priority 1 servers

  • 1.  What is the Criteria to select Priority 1 servers

    Posted Oct 08, 2012 03:19 AM

    Dear All, 

    Can anyone tell me how clients select priority 1 servers in load balancing of SEPM ? 



  • 2.  RE: What is the Criteria to select Priority 1 servers

    Posted Oct 08, 2012 03:26 AM

    In this illustration, the servers are identified with the numbers 1 and 2, which signify a failover configuration. In a failover configuration, all clients send traffic to and receive traffic from server 1. If server 1 goes offline, all clients send traffic to and receive traffic from server 2 until server 1 comes back online. The database is illustrated as a remote installation, but it also can be installed on a computer that runs the Symantec Endpoint Protection Manager.

    Managed Load Balancing: Setting up Management Server Lists based on locations in Symantec Endpoint Protection Manager

    Configuring failover and load balancing for Symantec Endpoint Protection Manager

    http://www.symantec.com/business/support/index?page=content&id=HOWTO26806

    http://www.symantec.com/business/support/index?page=content&id=TECH104582

    Installing a Symantec Endpoint Protection Manager server for failover or load balancing

    http://www.symantec.com/business/support/index?page=content&id=HOWTO17968

    check this thread

    https://www-secure.symantec.com/connect/forums/sepm-failoverloadbalancing-embeded-database



  • 3.  RE: What is the Criteria to select Priority 1 servers

    Broadcom Employee
    Posted Oct 08, 2012 03:47 AM

    Hi,

    Management Server Lists are primarily used for failover scenarios, where Symantec Endpoint Protection Manager (SEPM) servers are assigned a priority so that if the primary SEPM goes down, the clients know to contact a secondary SEPM. When the preferred SEPM comes back online, the clients will move back to it since it has a higher priority. However, when configured in conjunction with Location Awareness, "managed" load balancing of Symantec Endpoint Protection (SEP) clients can be achieved. In other words, one can control which SEPM a client connects to based on the client's proximity to the nearest SEPM server.

    The reason this is considered "managed" load balancing is because the control over where the clients report is based on configured polices rather than allowing SEPM to automatically

    If you add multiple Symantec Endpoint Protection Managers at the same priority, then clients and optional Enforcers can connect to any of the Symantec Endpoint Protection Managers. Clients automatically balance the load between available Symantec Endpoint Protection Managers at that priority. You can use HTTPS protocol rather than the default HTTP for communication. If you want to secure communication further, you can customize the HTTP and HTTPS port numbers by creating a customized management server list. However, you must customize the ports before clients are installed or else the client-to-management server communication is lost. If you update the version of the Symantec Endpoint Protection Manager, you must remember to re-customize the ports so that the clients can resume communication.

    Load balance based on numbers of clients. By default, multiple SEPMs will balance all of the clients between themselves.



  • 4.  RE: What is the Criteria to select Priority 1 servers

    Posted Oct 08, 2012 04:00 AM

    Let suppose if there are two Priority 1 Servers for load balancing , how clients would know to choose the first or second server , is there any criteria to connect with any of these servers or they just randomly establish there connection with servers 



  • 5.  RE: What is the Criteria to select Priority 1 servers

    Posted Oct 08, 2012 04:14 AM

    The clients randomly pick from all the names and IP addresses of the same priority within an MSL.  Becasue this is based upon a random number generator, there is the possibility that the numbers will be uneven, but usually there's a balanced spread across all the entries of the same priority.

    #EDIT#

    This is also the reason why you will randomly see some clients report they are connected to the SEPM by it's IP address, while others say the hostname, and further others say the FQDN, when you use the Default Management Server list (which list all three methods of identifying the SEPM by default in SEP12.1).



  • 6.  RE: What is the Criteria to select Priority 1 servers

    Posted Oct 08, 2012 04:18 AM

    Load balancing occurs between the servers assigned to Priority 1 in a Management Server list. If more than one server is assigned to Priority 1, the clients randomly choose one of the servers and establish communication with it. If all Priority 1 servers fail, clients connect with the server assigned to Priority 2

    Reference:

    https://www-secure.symantec.com/connect/forums/failover-concept



  • 7.  RE: What is the Criteria to select Priority 1 servers

    Broadcom Employee
    Posted Oct 08, 2012 05:18 AM

    Yes, they will randomly establish there connection with servers.



  • 8.  RE: What is the Criteria to select Priority 1 servers

    Posted Oct 08, 2012 06:44 AM

    You cannot set priority 1 and 2 in Load balancing. Both the servers under priority 1.

    Clients will connect to the SEPM's randomly to both the servers.

    But in Failover its applicable to set priority 1 & 2 and clients will connect to Priority 1 and if they failed to connect to priority 1 then it moves on to Priority 2.

     

     

    ///////////////Hope this helps////////////////////



  • 9.  RE: What is the Criteria to select Priority 1 servers
    Best Answer

    Trusted Advisor
    Posted Oct 08, 2012 10:33 AM

    Hello,

    In a failover configuration, all clients send traffic to and receive traffic from server 1. If server 1 goes offline, all clients send traffic to and receive traffic from server 2 until server 1 comes back online.

    Load balancing occurs between the servers assigned to Priority 1 in a Management Server list. If more than one server is assigned to Priority 1, the clients randomly choose one of the servers and establish communication with it. If all Priority 1 servers fail, clients connect with the server assigned to Priority 2.

    Load balancing servers

    Load balancing is used to distribute client management between management servers. 

    Servers in the Management Server List that have the same priority are load balancing servers. When clients connect to the servers, they are distributed between the available servers with the same priority in order to distribute the load evenly. For example, if there are two servers with priority 1, the clients will be distributed between those two servers.

    Only servers at the same site should be configured with the same priority level in the Management Server List. If management servers from different sites have the same priority, they are treated as load balancing servers. This causes clients to switch between different sites, and incurs the risk of data inconsistency.

    Combining failover and load balancing

    You can configure failover and load balancing by assigning priorities to management servers in Management Server Lists. Load balancing occurs between the servers assigned to the highest priority in a Management Server List. Servers with lower priority are failover servers. If more than one server is assigned to Priority 1, each client randomly chooses one of the servers and establishes communication with it. If all Priority 1 servers are unavailable, clients connect with the failover servers that are assigned to Priority 2.

    If you use the Embedded DB instead of Microsoft SQL, only one manager can be added to each site. In this case, only replication partners are available to use as failover and load balancing servers. Note that this does incur the risk of data inconsistency.

    Reference: http://www.symantec.com/docs/TECH104519

    https://www-secure.symantec.com/connect/forums/failover-concept

    Hope that helps!!



  • 10.  RE: What is the Criteria to select Priority 1 servers

    Posted Oct 08, 2012 11:53 AM

    Hi irtezaahsan,

    I believe that, if load balance is configuted, its not the clients that determine to which SEPM it should report to. Rather its the SEP Manages that determines it based on the number of clients.

    In article TECH104582 it reads as follows:

    The reason this is considered "managed" load balancing is because the control over where the clients report is based on configured polices rather than allowing SEPM to automatically load balance based on numbers of clients. By default, multiple SEPMs will balance all of the clients between themselves.
     

    The statement in block letters refer to how load balance works by default.

     

    Let me know if that helps. Cheers



  • 11.  RE: What is the Criteria to select Priority 1 servers

    Posted Dec 22, 2012 12:53 AM

    HI,

    Did you have received your answer ?



  • 12.  RE: What is the Criteria to select Priority 1 servers

    Posted Dec 22, 2012 02:02 PM

    Its more than clear answered by Symantec staff. Thank you. Very good explanation.