Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2107 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sizing Enterprise Console

mbro

Hi There,

Just looking for a bit of advice. We will need to build a server to support 1000 Windows endpoints. Are there any guides available to help size this server? Would it require a SQL database rather than SQL Express?

Thanks

:6525


This thread was automatically locked due to age.
Parents
  • 0

    You might be ok...  I assume the SEC server has a static IP address and accessible from all clients?  That way, when you install SEC, the mrinit.conf file will have an IP address as the parent address.  All the clients will need to be able to resolve this to find the server for RMS communication.  You could configure a message relay at each site but for the numbers per site it doesn't quite make it worth it.  Either way, if you've already installed the server side components, you should have the mrinit.conf files in the root of the CIDs/distribution points to check this parent address is going to be resolvable for all the clients.

    I would then suggest:

    1. Create the necessary groups in SEC to house all the machines, constructing the structure as required.  Maybe a top level group per site.

    2. Define all the policies you require at least to start and link them to the groups.

    3. I would then protect them by running a batch file, as you can see from:

    http://www.sophos.com/support/knowledgebase/article/12570.html

    setup.exe (the file in the root of the CIDs/distribution point, often called the bootstrap.exe takes:

    -compname <computername> as a switch.  This can override the name that appears in SEC, thus you can make them all unique.

    For your case it might be possible to work into the command line:

    -G \<nameofserver>\<Groupname>

    so the machines appear in the right group as they are protected.

    Essentially I would try and construct a batch file per location/per SEC group, that you can use to protect the machine with which can insert a relevant machine name switch.  E.g. "SiteName-%computername%".  I would probably choose a scripting language such as vbscript as this would be easier to construct the parameters needed on a machine/site basis.

    I guess AD start-up scripts would be the typical deployment method from here with a few additional checks.  As this is not available to you.  I would perhaps look to use psexec (Sysineternals) to create the tasks on the remote machines,  maybe a batch file per site, which executes the per site VBScript/batch file to install.

    I hope that helps,

    Jak

    :6571
Reply
  • 0

    You might be ok...  I assume the SEC server has a static IP address and accessible from all clients?  That way, when you install SEC, the mrinit.conf file will have an IP address as the parent address.  All the clients will need to be able to resolve this to find the server for RMS communication.  You could configure a message relay at each site but for the numbers per site it doesn't quite make it worth it.  Either way, if you've already installed the server side components, you should have the mrinit.conf files in the root of the CIDs/distribution points to check this parent address is going to be resolvable for all the clients.

    I would then suggest:

    1. Create the necessary groups in SEC to house all the machines, constructing the structure as required.  Maybe a top level group per site.

    2. Define all the policies you require at least to start and link them to the groups.

    3. I would then protect them by running a batch file, as you can see from:

    http://www.sophos.com/support/knowledgebase/article/12570.html

    setup.exe (the file in the root of the CIDs/distribution point, often called the bootstrap.exe takes:

    -compname <computername> as a switch.  This can override the name that appears in SEC, thus you can make them all unique.

    For your case it might be possible to work into the command line:

    -G \<nameofserver>\<Groupname>

    so the machines appear in the right group as they are protected.

    Essentially I would try and construct a batch file per location/per SEC group, that you can use to protect the machine with which can insert a relevant machine name switch.  E.g. "SiteName-%computername%".  I would probably choose a scripting language such as vbscript as this would be easier to construct the parameters needed on a machine/site basis.

    I guess AD start-up scripts would be the typical deployment method from here with a few additional checks.  As this is not available to you.  I would perhaps look to use psexec (Sysineternals) to create the tasks on the remote machines,  maybe a batch file per site, which executes the per site VBScript/batch file to install.

    I hope that helps,

    Jak

    :6571
Children
No Data