What are the best practices for setting the number of content revisions to keep in the Symantec Endpoint Protection Manager (SEPM)?
For versions of Symantec Endpoint Protection (SEP) earlier than 12.1.5, Symantec Endpoint Protection Manager (SEPM) must have previous content revision downloads in order to create a "delta", or differential, capable of updating a client from its current content version to the most recent version of that content being stored on the SEPM. The value of deltas is that content revisions are kept to a minimal size as they are sent across the network.
For version 12.1.5, the management server downloads full content only once, at install time. Thereafter, deltas are downloaded, and the latest full content is reconstructed from the reference content version plus forward deltas. If earlier full versions are needed, they are reconstructed from the full content version plus backward deltas.
To determine how many content revisions you should keep, consider the following:
For the majority of your clients, how often do they communicate with their Symantec Endpoint Protection Manager?
Historically, how long have your clients had to go without communication with their Symantec Endpoint Protection Manager?
What disaster recovery scenarios must you consider, and of what duration?
The number of content revisions to keep should depend on the need to balance network bandwidth usage with the amount of hard drive storage availability on the SEPM. This setting should be made with the specific network environment's requirements and limitations in mind.
To determine how long a content distribution update will take in a best-case scenario, use the following formula:
Concurrent Connections x Content Size* ÷ Available Bandwidth (in KBps) = Content Distribution Time (in seconds)
* Average Content Size = 200 Kb
The following table assumes that the entire network is dedicated to the update -- that is, all available bandwidth is consumed by the content download, and all clients download content concurrently. A real-world scenario would be more complex.
Example of Content Distribution Time with a 200kB update:
Number of clients | T1 (1.54 Mbps, or 192.5 KBps) | 10 Mbps (1250 KBps) | 100 Mbps (12,500 KBps) | 1 Gbps (125,000 KBps)
* Note that latency can also be affected by network utilization and protocol overhead.
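The formula above, applied to the four link speeds named in the table header, as an added example that is not part of the original article. The client counts and the 300-second window are constructed sample values, and the content size is taken as 200 kilobytes to match the KBps bandwidth units.

```python
"""Best-case content distribution time, using the article's formula."""
import math

# Link speeds from the article's table header, in kilobytes per second.
LINKS_KBPS = {
    "T1 (1.54 Mbps)": 192.5,
    "10 Mbps": 1250.0,
    "100 Mbps": 12500.0,
    "1 Gbps": 125000.0,
}

def distribution_time(clients, content_kb, bandwidth_kbps):
    """Concurrent Connections x Content Size / Available Bandwidth, in seconds."""
    if clients < 0 or content_kb < 0 or bandwidth_kbps <= 0:
        raise ValueError("counts and sizes must be >= 0, bandwidth must be > 0")
    return clients * content_kb / bandwidth_kbps

def max_clients_in_window(window_s, content_kb, bandwidth_kbps):
    """Inverse of the formula: concurrent clients that finish within window_s."""
    if content_kb <= 0 or bandwidth_kbps <= 0 or window_s < 0:
        raise ValueError("content size and bandwidth must be > 0, window >= 0")
    return math.floor(window_s * bandwidth_kbps / content_kb)

def build_table(client_counts, content_kb=200):
    """Map each client count to {link name: best-case seconds}."""
    return {
        n: {name: distribution_time(n, content_kb, bw)
            for name, bw in LINKS_KBPS.items()}
        for n in client_counts
    }

def fmt(seconds):
    """Render seconds as 'Xh MMm SSs' or 'Mm SSs' for readability."""
    m, s = divmod(round(seconds), 60)
    h, m = divmod(m, 60)
    return f"{h}h {m:02d}m {s:02d}s" if h else f"{m}m {s:02d}s"

if __name__ == "__main__":
    # Constructed client counts; the article's own table rows are not available.
    for clients, row in build_table([100, 1000, 10000]).items():
        cells = ", ".join(f"{link}: {fmt(t)}" for link, t in row.items())
        print(f"{clients:>6} clients -> {cells}")
    # Constructed 300-second window: how many clients fit on each link?
    for link, bw in LINKS_KBPS.items():
        print(f"{link}: {max_clients_in_window(300, 200, bw)} clients in 300 s")
```

These figures are the same best case the table assumes: the whole link is dedicated to the update and every client downloads at once.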
You can configure the number of content revisions to store at Admin > Servers > Local Site > Edit Site Properties > LiveUpdate tab > Disk Space Management for Downloads. See the following knowledge base article: http://www.symantec.com/docs/TECH96214
A compressed and an uncompressed copy of each content version can be kept on Symantec Endpoint Protection Manager (versions earlier than 12.1.5 only).
All deltas from full definitions are kept on Symantec Endpoint Protection Manager.
For 12.1.5, clients that are more than three (3) months out of date may result in Symantec Endpoint Protection Manager attempting to store deltas larger than 100MB. These large delta files may cause unpredictable behavior or cause issues, for example, with replication.
÷ Available Bandwidth = Content Distribution Time
*Average Content Size = 70-100kb
Example Content Distribution Time using 70kB update.
Above Table assumes the entire network was dedicated to the update
Imported Document ID: TECH92225