Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1233 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise design

theshadow

Hi All,

I want to discuss something with the community about a hypothetical solution.

Let's say I have a company with a Main Location and 5 Branch Locations, what would be the best way to implement

Sophos Enterprise? Do I need a management console on all locations to minimize traffic from Branch to Main location,

or can I have a management console on the main location and central update options on the branch locations.

Is there any documentation of designing complex Sophos environments.

Any comments are welcome. Cheers.

:21301


This thread was automatically locked due to age.
  • 0

    Hi,

    You don't mention the total number of clients but I'll assume you're not over 25K. :)  The number of clients per site would also be interesting to know and may change the way you approach the config at each site.  Maybe a differnt approach would be needed for a 2000 site vs a 10 user site.

    • I would suggest if you need to consolidate, to save on editing multiple policies in multiple consoles, etc. a single SEC server at the main site would be ideal.
    • Install a SUM at each site, this can either pull updates from Sophos (could have a better link than to come back to the main site?) or from the main site and make an update location available at each location for the local clients.
    • If you "need" relays, this really depends on the number of clients you're managing but it may make sense to install a message relay at each site also. /search?q= 21239  is relevant and worth a look.
    • You could install a remote management console at each site to delegate admin duties to admins or local helpdesk staff using role based administration. If the links are really poor that might be a stretch, in which case you could "share" SEC out using something like Citrix or Remote Desktop Services in 2008R2.  This could even make the console available in a browser if you really needed it.

    Hope it helps..

    Regards,

    Jak

    :21305
  • 0

    I agree with all of the above. In theory everything you need is in here but quite a lot is missing and in the KB site instead:

    http://www.sophos.com/sophos/docs/eng/instguid/sec_50_asgeng.pdf

    Page 28 has a SQL database sizing guide.

    Page 30 has guidelines for installing more than one console.

    Page 31 has guidelines for installing an update manager per site.

    In addition to jak's advice don't forget you can also make use of the new Update Roaming feature for your laptop users.

    http://www.sophos.com/support/knowledgebase/article/112830.html

    Also, not a lot of people know this, but you can also pay Sophos to do all the hard work for you via their Professional Services team:

    http://www.sophos.com/sophos/docs/eng/marketing_material/sophos-professional-services-brna.pdf

    :21341
  • 0

    Hi,

    Thanks for the response, I understand your advice.

    Customer has a main location in a datacenter with 100+ virtual servers and no other clients.

    Furthermore they have 14 locations with clients between 150 and 900, all locations have at least 1 server.

    Connections between locations are 10Mbps with a central Internet ascent in the datacenter.

    Regards,

    TheShadow

    :21349