You have quite a task ahead of you...
I would look at the bandwidth information for epo... Found here, its a good place to start..
I would give McAfee Support a ring too if you have any specific design questions.
The biggest issue you'll have is bandwidth. What size pipes are you working with at each province?
As for the design you'll want one master ePO server, repositories at every province, and possibly an agent handler if you have remote users. Reference this article for the specs.
A single ePO server can manage 40k+ endpoints. The bigger concern is to have an adequate database depending on how many events you'll be collecting from endpoints.
Let me know if you have any other questions or concerns.
Thank you for the feedback and the link to the sizing document, I will read through it when it's finished downloading.
With regards to bandwidth, the smallest link that the customer currently has is 1MB for their smallest sites. That pipe is used for mail, internet browsing, etc, but I think the sizing document would give me a better understanding on what to expect.
Thank you very much for your assistance.
Create local repositories at your sites with your Master Repository Update & Replication occuring every 6 hours. You'll then want to create McAfee Agent policies to point your systems to their local repositories. As for replication be sure to select incremental and not full. Initially you'll want to start this after hours as each site pulls down all the software (VSE, HIPS,etc) but after that only new packages, patches, and DATs will be replicated during the day. If you find that DATs are eating too much of your bandwidth let me know.
There's a couple reasons why I prefer the 6 hour interval. While McAfee releases at least one DAT per day it's not uncommon for there to be more. Typically the daily DAT is released around 1900 GMT but there is a chance the DAT file will be released at a different time. On top of that you have to account for extra.dat's. With all these variables outside of our I control I prefer to play it safe. A pull/replication(incremental) task every 6 hours has always been a nice balance for environments I've managed.
As for software being replicated that's something to be careful about. If you check in multiple pieces of software at once then a big replication will occur. This is why local repositories are a must as it shouldn't be a bandwidth breaker if one system per site downloads the newest software. The trick is balancing replication and client tasks. You'll want to give your distributed repositories time to get all the necessary software, DATs,etc and then allow client tasks to feed the endpoints.