A majority of small and medium-sized organizations need only a single site to centrally manage network security. Since each site has only one database, all data is centrally located.
Even a large organization with a single geographic location typically needs only one site. For organizations that are too complex to manage centrally, use a distributed management architecture with multiple sites.
Consider multiple sites if any of the following factors apply:
A large number of clients.
The number of geographical locations and the type of communications links between them.
The number of functional divisions or administrative groups.
The number of datacenters. A best practice is to set up one Symantec Endpoint Protection site for each datacenter.
How frequently you want to update the content.
How much client log data you need to retain, how long you need to retain it, and where it should be stored.
A slow WAN link between multiple physical locations with thousands of clients. If you set up a second site with its own management server, you can minimize the client-server traffic over that slow link. With fewer clients, you should use a Group Update Provider.
Any miscellaneous corporate management and IT security management considerations that are unique.
Use the following size guidelines to decide how many sites to install:
Install as few sites as possible, up to a maximum of 20 sites. You should keep the number of replicated sites under five.
Connect up to ten management servers to a database.
Connect up to 18,000 clients (for 14.x) or 50,000 clients (for 12.1.x) to a management server.
After you add a site, you should duplicate site information across multiple sites by replication. Replication is the process of sharing information between databases to ensure that the content is consistent.
Table: Multi-site designs

Each site performs replication bi-directionally for groups and policies, but not logs and content. To view the site reports, you use the console to connect to a management server in the remote site.
Use this design when you do not need immediate access to remote site data.

All logs are forwarded from the other sites to a central site.
Use this design when you require centralized reporting.

Each site has multiple management server installations and database clustering.
To handle additional clients, you add multiple management servers rather than adding multiple sites. You then use a management server list to configure client computers to automatically switch to an alternative management server if the primary management server becomes unavailable.
You use this design to provide redundancy, failover, and disaster recovery.
When you use replication with an embedded database, Symantec recommends that you do not add load balancing, as data inconsistency and loss may result.
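
The size guidelines and the embedded-database note above can be applied to a proposed deployment as a pre-installation check. The following Python sketch is an added example, not Symantec tooling: the plan layout, field names, and site names are assumptions made for illustration, and it assumes clients are spread evenly across the management servers in a site.

```python
import math

# Limits quoted in the size guidelines above.
MAX_SITES = 20
REPLICATED_SITES_CEILING = 5          # "under five"
MAX_SERVERS_PER_DATABASE = 10         # one database per site
MAX_CLIENTS_PER_SERVER = {"14.x": 18_000, "12.1.x": 50_000}

def min_servers(clients, version):
    """Fewest management servers that keep each one within its client limit."""
    return max(1, math.ceil(clients / MAX_CLIENTS_PER_SERVER[version]))

def check_plan(plan):
    """Return (site, finding) pairs; an empty list means the plan fits the guidelines."""
    findings = []
    sites, version = plan["sites"], plan["version"]
    if len(sites) > MAX_SITES:
        findings.append(("*", "more than 20 sites"))
    if sum(1 for s in sites if s["replicates"]) >= REPLICATED_SITES_CEILING:
        findings.append(("*", "replicated sites not under five"))
    for s in sites:
        # Assumption: clients are spread evenly across a site's servers.
        needed = min_servers(s["clients"], version)
        if s["servers"] < needed:
            findings.append((s["name"], f"needs at least {needed} management servers"))
        if s["servers"] > MAX_SERVERS_PER_DATABASE:
            findings.append((s["name"], "more than ten servers on one database"))
        if s["replicates"] and s["embedded_db"] and s["load_balancing"]:
            findings.append((s["name"], "load balancing with replicated embedded database"))
    return findings

# Constructed sample plan; site names and counts are illustrative only.
SAMPLE_PLAN = {
    "version": "14.x",
    "sites": [
        {"name": "hq", "clients": 40_000, "servers": 2, "replicates": True,
         "embedded_db": False, "load_balancing": True},
        {"name": "branch", "clients": 9_000, "servers": 2, "replicates": True,
         "embedded_db": True, "load_balancing": True},
    ],
}

if __name__ == "__main__":
    for site, finding in check_plan(SAMPLE_PLAN):
        print(f"{site}: {finding}")
```

The same plan checked with `"version": "12.1.x"` no longer flags the first site, because the per-server client limit in the guidelines differs between the two versions.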