How client computers receive content updates

Article:HOWTO55172  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55172
Article Type
How To


Subject


How client computers receive content updates

Client computers can use LiveUpdate to download security definitions and other product updates automatically, but several other content distribution methods are available to update clients.

The LiveUpdate server schedule settings are defined in the Site Properties on the Admin page. The LiveUpdate client schedule settings are defined in the LiveUpdate Settings policy.

When you add and apply a LiveUpdate Settings policy, you should have a plan for how often you want client computers to check for updates. The default setting is every four hours. You should also know the place from which you want your client computers to check for and get updates. If possible, you want client computers to check for and get updates from the Symantec Endpoint Protection Manager. After you create your policy, you can assign the policy to one or more groups and locations.

The content distribution methods that you use depend on the following factors:

  • How you set up your network.

  • How many client computers you manage.

    For example, if you have a very large number of clients, you can use Group Update Providers to ease the load on your management servers. You can even set up internal LiveUpdate servers using LiveUpdate Administrator, if necessary.

  • Whether you manage Windows and Mac client computers.

    For example, Mac client computers get updates only from an internal or an external LiveUpdate server. Only Windows client computers can get updates from the management server or Group Update Provider.

    See Table: Content distribution methods and when to use them.

  • Whether client computers regularly connect to your network.

    For example, some users may travel with portable computers that connect intermittently or not at all to your network. In this case, you can allow the client computers to get updates directly from a Symantec LiveUpdate server using the Internet. See Table: Content distribution methods and when to use them.

See Managing content updates.

Table: Content distribution methods and when to use them

Method

Description

When to use it

Symantec Endpoint Protection Manager to client computers

(Default)

The default management server can update the client computers that it manages. You might have multiple management servers in your Symantec Endpoint Protection Manager network. The site that includes the management servers receives LiveUpdate content.

Note:

Only Windows client computers can get updates from the management server. Mac client computers must currently get their updates from a Symantec LiveUpdate server or manually.

See Using Intelligent Updater files to update client virus and security risk definitions.

This method is configured by default after management server installation. You can also combine this method with a Group Update Provider.

Group Update Provider to client computers

A Group Update Provider is a client computer that receives updates from a management server. It then forwards the updates to the other client computers in the group. A Group Update Provider can update multiple groups.

Note that Group Update Providers distribute all types of LiveUpdate content except client software updates. Group Update Providers also cannot be used to update policies.

Setting up a Group Update Provider is easier than setting up an internal LiveUpdate server. Group Update Providers are less resource-intensive and so reduce the load on the management servers.

This method is particularly useful for groups at remote locations with minimal bandwidth.

See Configuring Group Update Providers to distribute content .

Internal LiveUpdate server to client computers

Client computers can download updates directly from an internal LiveUpdate server that receives its updates from a Symantec LiveUpdate server.

You use the LiveUpdate Administrator utility to download the definitions updates down from a Symantec LiveUpdate server. The utility places the packages on a Web server, an FTP site, or a location that is designated with a UNC path. You configure your management servers and client computers to download their definitions updates from this location.

If necessary, you can set up several internal LiveUpdate servers and distribute the list to client computers.

For more information about setting up an internal LiveUpdate server, see the LiveUpdate Administrator User's Guide.

The guide is available on the product disc and on the Symantec Support Web site.

You can use an internal LiveUpdate server in very large networks to reduce the load on the Symantec Endpoint Protection Manager. You should first consider whether Group Update Providers would meet your organization's needs. Group Update Providers are easier to set up and also reduce the load on the management servers.

Use an internal LiveUpdate server if you have Mac clients and you don't want them to connect to a Symantec LiveUpdate server over the Internet.

An internal LiveUpdate server is also useful if your organization runs multiple Symantec products that also use LiveUpdate to update client computers.

You typically use an internal LiveUpdate server in large networks of more than 10,000 clients.

Note:

You should not install Symantec Endpoint Protection Manager and an internal LiveUpdate server on the same physical hardware or virtual machine. Installation on the same computer can result in significant server performance problems.

For more information see the Symantec Technical Support knowledge base article LiveUpdate Administrator 2.x and Symantec Endpoint Protection Manager on the Same Physical Server.

See Setting up an internal LiveUpdate server.

Symantec LiveUpdate server to client computers over the Internet

Client computers can receive updates directly from a Symantec LiveUpdate server.

Note:

Mac client computers must use this method.

Use an external Symantec LiveUpdate server for the client computers that are not always connected to the corporate network.

Symantec Endpoint Protection Manager and scheduled LiveUpdate are enabled by default, as are the options to only run scheduled LiveUpdate when connection to Symantec Endpoint Protection Manager is lost and the virus and spyware definitions are older than a certain age. With the default settings, clients always get updates from Symantec Endpoint Protection Manager except when Symantec Endpoint Protection Manager is nonresponsive for a long period of time.

Note:

Do not configure large numbers of managed, networked clients to pull updates from an external Symantec LiveUpdate server. This configuration consumes unnecessary amounts of Internet bandwidth.

See Setting up an external LiveUpdate server.

Third-party tool distribution

Third-party tools like Microsoft SMS let you distribute specific update files to clients.

Use this method when you want to test update files before distributing them. Also, use this method if you have a third-party tool distribution infrastructure, and want to leverage the infrastructure.

See Distributing the content using third-party distribution tools.

Intelligent Updater

Intelligent Updater files contain the virus and security risk content that you can use to manually update clients. You can download Intelligent Updater self-extracting files from the Symantec Web site.

You can use Intelligent Updater files if you do not want to use Symantec LiveUpdate or if LiveUpdate is not available.

See Using Intelligent Updater files to update client virus and security risk definitions.

To update other kinds of content, you must set up and configure a management server to download and to stage the update files.

See Using third-party distribution tools to update client computers.

Figure: Example distribution architecture for smaller networks shows an example distribution architecture for smaller networks.

Figure: Example distribution architecture for smaller networks

enterprise (title and figure)Example distribution architecture for smaller networks

Figure: Example distribution architecture for larger networks shows an example distribution architecture for larger networks.

Figure: Example distribution architecture for larger networks

enterprise (title and figure)Example distribution architecture for larger networks

Legacy ID



v38557491_v59371754


Article URL http://www.symantec.com/docs/HOWTO55172


Terms of use for this information are found in Legal Notices