Best practices for installing Symantec Endpoint Protection Manager (SEPM) to a VMware image or wedge, with recommendations for memory, CPU, and hard drive performance settings.
Symantec Endpoint Protection Manager can be I/O intensive, and subject to random spikes of heavy resource usages when dealing with clients, HTTP traffic, and disk I/O transactions.
As a result, a minimally designed VMware may suffer performance issues, and fall behind in logs or requests for content, policies, and definitions. Therefore, Symantec strongly recommends the following settings as a functional minimum set of system requirements:
The minimum settings for a VMware image in a small environment (1-5,000 endpoints) should be as follows (in the Resources tab):
For larger or transactionally noisier environments, you may need to increase the minimum settings significantly. This helps ensure that the SEPM does not fall behind in log processing and definitions processing, which could lead to the SEPM stalling or preventing you from logging in locally or through the Remote Management interface.
Since every VM\hyper-v drive cluster and hardware cluster varies along with work load types, Symantec cannot explicitly predict or define a hardware level that is sufficient for your environment. Therefore, Symantec strongly recommends over-engineering the virtual devices, and then trimming down individual facets until you have a balance between performance and reliably.
An example baseline for a medium deployment (5,000-10,000 endpoints):
If the listed specs do not sufficiently keep up with high demand or load situations, tune the VMware to have more resources: first, increase the system RAM, and then increase the CPU core count.
If you find that the SEPM is not able to keep up with sustained load, even with large amounts of CPU cores (8 or more) and RAM (16 GB or more), you may need to increase the availability of more disk I/O operations per second. Or, see if there is another application on the computer or RAID cluster that is consuming too many IOPS (input/output operations per second) to allow the SEPM to work properly.
By default, several tables within the SEPM database are capable of auto-growing to prevent stalling of definition publishing. Allow the SEPM to install and create the database if your security policies permit. If your security policies do not allow for automatic database creation by third party applications, manual database creation is another option for automatic table growth.
With the SEPM being a heavy I/O and memory intensive application to host in VMware, there are other things that you can do to help improve reliability under extended high load situations (such as a virus outbreak or mass migration).
These steps help ensure optimal SEPM performance within a virtual environment. While not as responsive as a true hardware device, this keeps the SEPM healthy in long term virtual usage.
CAUTION: With the SEPM being I/O intensive, also consider the I/O needs of other VM systems—such as mail servers or database servers—on the host OS. Installing such applications along with the SEPM can result in I/O bottlenecks in either drive channels or networking.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.