About the types of Group Update Providers

Article:HOWTO80957  |  Created: 2012-10-24  |  Updated: 2014-09-21  |  Article URL http://www.symantec.com/docs/HOWTO80957
Article Type
How To



You can configure several different types of Group Update Providers in the LiveUpdate Settings policy: a single Group Update Provider, an explicit list of Group Update Providers, and multiple Group Update Providers. The types of Group Update Provider are not mutually exclusive. You can configure one or more types of Group Update Provider per policy.

  • Single Group Update Provider

    A single Group Update Provider is a dedicated client computer that provides content for one or more groups of clients. A single Group Update Provider can be a client computer in any group. To configure a single Group Update Provider, you specify the IP address or host name of the client computer that you want to designate as the Group Update Provider. A single Group Update Provider is a static Group Update Provider.

    Configuring a single Group Update Provider turns a single client into a Group Update Provider.

  • Explicit Group Update Providers list

    You can configure an explicit list of Group Update Providers that clients can use to connect to Group Update Providers that are on subnets other than the client's subnet. Clients that change location frequently can then roam to the closest Group Update Provider on the list.

    An explicit Group Update Providers list does not turn clients into Group Update Providers. You use an explicit Group Update Provider list to map the client subnet network addresses to the Group Update Providers. You identify the Group Update Providers by any of the following means:

    • IP address

    • Host name

    • Subnet

    Explicit Group Update Providers can be static or dynamic, depending on how you configure them. If you use an IP address or a host name to configure an explicit Group Update Provider, then it is a static Group Update Provider. This difference affects how Group Update Providers act in networks that mix legacy version clients and managers with clients and managers from the current release.

    If you use a subnet to designate a Group Update Provider, it is dynamic, as clients search for a Group Update Provider on that subnet.

    Note:

    This subnet is the Group Update Provider subnet network address, which is sometimes also referred to as the network prefix or network ID.

  • Multiple Group Update Providers list

    Multiple Group Update Providers use a set of rules, or criteria, to elect themselves to serve groups of clients in their own subnets. To configure multiple Group Update Providers, you specify the criteria that client computers must meet to qualify as a Group Update Provider. You can use a host name or IP address, registry keys, or operating system as criteria. If a client computer meets the criteria, the Symantec Endpoint Protection Manager adds the client to a global list of Group Update Providers. Symantec Endpoint Protection Manager then makes the global list available to all the clients in the network. Clients check the list and choose the Group Update Providers that are located in their own subnet. Multiple Group Update Providers are dynamic Group Update Providers.

    Configuring multiple Group Update Providers turns multiple clients into Group Update Providers.

    Note:

    You cannot use multiple Group Update Providers with the legacy clients that run versions of Symantec Endpoint Protection earlier than version 11.0.5 (RU5).

Configuring single or multiple Group Update Providers in a LiveUpdate Settings policy performs the following functions:

  • It specifies which clients with this policy are to act as Group Update Providers.

  • It specifies which Group Update Provider or Providers the clients with this policy should use for content updates.

Configuring an Explicit Group Update Provider list performs only one function:

  • It specifies which Providers the clients with this policy should use for content updates. It maps Group Update Providers on subnets for use by clients on different subnets.

  • It does not specify any clients as Group Update Providers.

Although it does not turn clients into Group Update Providers, you can still configure and apply a policy that contains only an explicit provider list. However, you must then have a single Group Update Provider or multiple Group Update Providers configured in another policy in the Symantec Endpoint Protection Manager. Or, you can have both types configured in other policies.

Note:

Because Symantec Endpoint Protection Manager constructs a global list, all of the Group Update Providers that are configured in any of the policies on a Symantec Endpoint Protection Manager are potentially available for clients' use. Clients on a different subnet can end up using a Group Update Provider that you configured as a single static provider if the configured subnet mapping in an explicit list in another policy matches it.

See About the effects of configuring more than one type of Group Update Provider in your network.
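
The cross-policy effect described in the note above can be checked before a policy is applied. The following is an added example, not Symantec code: the policy dictionaries, their field names, and the CIDR notation are assumptions for illustration and do not reflect an SEPM export format.

```python
import ipaddress

# Constructed sample data. The dictionary layout and CIDR notation are
# assumptions made for this example, not an SEPM export format.
POLICIES = [
    {"name": "HQ", "single_gup": "10.1.0.25", "explicit": []},
    {"name": "Branch", "single_gup": "10.3.0.4", "explicit": []},
    {"name": "Lab", "single_gup": "gup-lab01", "explicit": []},
    {"name": "Roaming", "single_gup": None, "explicit": [
        # Dynamic entry: the provider is designated by subnet.
        {"client_subnet": "10.9.0.0/24", "gup_subnet": "10.1.0.0/24"},
        # Static entry: the provider is designated by IP address.
        {"client_subnet": "10.8.0.0/24", "gup_ip": "10.2.0.7"},
    ]},
]


def _ip(value):
    """Return an ip_address object, or None when value is a host name."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def cross_policy_reach(policies):
    """List single static providers that an explicit subnet mapping in a
    different policy makes usable by clients on another subnet."""
    singles = [(p["name"], _ip(p["single_gup"]))
               for p in policies if p.get("single_gup")]
    findings = []
    for policy in policies:
        for entry in policy.get("explicit", []):
            if "gup_subnet" not in entry:
                continue  # static entry, no subnet search takes place
            gup_net = ipaddress.ip_network(entry["gup_subnet"])
            client_net = ipaddress.ip_network(entry["client_subnet"])
            for owner, addr in singles:
                # Host names are skipped: they cannot be resolved offline.
                if addr is None or owner == policy["name"]:
                    continue
                if addr in gup_net and addr not in client_net:
                    findings.append((policy["name"], entry["client_subnet"],
                                     str(addr), owner))
    return findings


if __name__ == "__main__":
    for finding in cross_policy_reach(POLICIES):
        print("%s: clients in %s can reach provider %s from policy %s" % finding)
```

Each finding names the policy that holds the explicit mapping, the client subnet it covers, and the single static provider from another policy that the mapping exposes to those clients.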

If a client cannot obtain its update through any of the Group Update Providers, it can then optionally try to update from the Symantec Endpoint Protection Manager.

Table: How the explicit type of Group Update Provider can be used based on the software versions in the network

| Symantec Endpoint Protection Manager Version | Client Versions | Group Update Provider Client Version | Types of Group Update Provider that you can use |
| --- | --- | --- | --- |
| 12.1.2 and higher | 12.1.2 and higher | 11.0.5 and higher | You can configure both static and dynamic explicit Group Update Providers. |
| 12.1.2 and higher | 12.1.2 and higher | 11.0.0 to 11.0.4 | You can configure an 11.0.4 client computer as a single Group Update Provider. You can then use it in an explicit Group Update Provider list as a static Group Update Provider. |
| 12.1.2 and higher | 12.1.1 and lower | Any | You can configure single or multiple Group Update Providers, but not explicit Group Update Providers because the clients do not support them. |
| 12.1.1 and lower | Any | Any | You can configure single or multiple Group Update Providers, but not any type of explicit Group Update Provider because they are not available in the Symantec Endpoint Protection Manager. |

The types of Group Update Providers that you configure depend on how your network is set up and whether your network includes legacy clients.

Note:

A legacy client is a computer that runs a version of Symantec Endpoint Protection that is earlier than 11.0.5.

Table: When to use particular types of Group Update Provider

Group Update Provider Type

When to use

Single

Use a single Group Update Provider when your network includes any of the following scenarios:

  • Your network includes legacy clients

    Legacy clients can get content from a single Group Update Provider; legacy clients can also be designated as a Group Update Provider.

    Legacy clients do not support multiple Group Update Providers.

  • You want to use the same Group Update Provider for all your client computers

    You can use a single LiveUpdate Settings policy to specify a static IP address or host name for a single Group Update Provider. However, you must change the IP address in the policy if the clients that serve as single Group Update Providers change locations.

    If you want to use different single Group Update Providers in different groups, you must create a separate LiveUpdate Settings policy for each group.

Explicit list

Use an explicit list of Group Update Providers when you want clients to be able to connect to Group Update Providers that are on subnets other than the client's subnet. Clients that change location can roam to the closest Group Update Provider on the list.

Note:

Clients from releases earlier than this release do not support the use of explicit Group Update Provider lists. Clients that communicate with Symantec Endpoint Protection Manager versions 12.1 and earlier do not receive any information about explicit Group Update Provider lists.

Multiple

Use multiple Group Update Providers when your network includes any of the following scenarios:

  • The client computers on your network are not legacy clients.

    Multiple Group Update Providers are supported on the computers that run Symantec Endpoint Protection 11.0.5 (RU5) software or a later version. You cannot use multiple Group Update Providers with the legacy clients that run versions of Symantec Endpoint Protection earlier than 11.0.5 (RU5). Legacy clients cannot get content from multiple Group Update Providers. A legacy client cannot be designated as a Group Update Provider even if it meets the criteria for multiple Group Update Providers.

    You can create a separate LiveUpdate Settings policy and configure a single, static Group Update Provider for a group of legacy clients.

  • You have multiple groups and want to use different Group Update Providers for each group

    You can use one policy that specifies rules for the election of multiple Group Update Providers. If clients change locations, you do not have to update the LiveUpdate Settings policy. The Symantec Endpoint Protection Manager combines multiple Group Update Providers across sites and domains. It makes the list available to all clients in all groups in your network.

  • Multiple Group Update Providers can function as a failover mechanism. The use of Multiple Group Update Providers ensures a higher probability that at least one Group Update Provider is available in each subnet.

See Using Group Update Providers to distribute content to clients

See About configuring rules for multiple Group Update Providers

See Configuring Group Update Providers

