Experiences with Endpoint Security in large environments

[dantro]

Hello all,

has anyone of you made any experiences yet setting up endpoint security in more advanced environments (5000+ remote users)? I mean with SmartCenter HA and everything. Distributed Endpoint Security Server. Maybe even an Endpoint Security Server cluster. Any technical issues to mention? Anything to consider in preparation of such a task?

[CSING]

A couple of things to be aware of:

1. Integrity 6.5 server can be clustered. The 7.0 CPES server is not clustered or HA. It is more like a hot spare. You must manually switch the active server. However with Office awareness configured this becomes less of an issue.

2. 7.5 will allow multiple active Connection Managers. "Loadbalancing" will be done on the client via a serverlist provided by the Active servers to the client.

3.There is a bug currently with HFA1 such that the serverlist on new remote vpn deployments clients sometimes gets stuck sending syncs to the standby server. The fix is complete and is in the next version.

4. With remote users you will want to consider cooperative enforcement with the gateway. This requires some additional steps that needs to be fully tested in your lab before implementation. All the steps needed are not yet in a single document for 7.0.

5. regarding HA smartcenter servers: never heard of a problem with that. Haven't been involved with a SC HA deployment for CPES but would be very surprised if this had any issue. hth