How to Auto-Upgrade Remote Site Clients using IIS
Reduce WAN traffic and upgrade failures by using an IIS server in a remote site.
Please refer the below exhibit.
Site1 has SEPM.
Site2 and Site3 are remote sites having a Windows server with IIS.
Configuring a remote site, in this case Site2 or Site3.
The name of the Server is Site2.
Step1.1: Create a folder on local drive and copy the setup.exe created using SEPM.
Step1.2: Create a virtual directory in IIS on Site2 server.
Step 1.3: Make sure the Virtual Dircetory has the correct 'Local Path' where the setup.exe is saved.
Step2: Verify that the package can be downloaded without any permission issue.
To test this, type the client package url for e.g. "http://site2/SEP_client/setup.exe" in a web browser.
You should get a file download doalogue box. Click cancel.
Step3.1: Goto Install Packages under Clients tab in SEPM. Click on Add client install package.
Step 3.2: Select 'Downloadthe client package from the following URL (http or https)' and type the URL of the client package hosted in IIS of site2 and click 'Ok'.
e.g "http://site2/SEP_client/setup.exe"
The Site2 clients will get the package from the Site2 IIS server.
Comments
Thanks for the tip, I haven't
Thanks for the tip, I haven't thought about deploying an upgrade this way.
Question: Could that setup.exe be a patch file instead? i.e RU5 to RU6a ?
Also file:// in order to use a local network share would be ideal. I have remote sites with GUP's only.
Yes it can be a upgrade
Yes it can be a upgrade package like RU5 to RU6a.
---------------------------------
Vikas
--
Don't forget to mark your thread as 'solved' with the answer that best helped you!
Yes it can be a upgrade
Yes it can be a upgrade package like RU5 to RU6a.
---------------------------------
Vikas
--
Don't forget to mark your thread as 'solved' with the answer that best helped you!
thanks for u r article
thanks for u r article
how to make that one single
how to make that one single exe package ?
/* Infrastructure Support Engineer */
Export it from the SEPM
Export it from the SEPM console under packages
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c741ec26fa674b1e8825738a0076abf3?OpenDocument
Thanks man, this is just what
Thanks man,
this is just what I've been looking for.
Special thanks to the Original poster for creating such a great tute for all of us.
/* Infrastructure Support Engineer */
What an excellent document
What an excellent document thanks very much, just a quick question what is the best way to handle different client versions. For example do i need to create a website for 32bit and one for 64bit clients or can the SEPM server supply a package that contains both.
Create another Virtual directory for 64bit.
You could create another virtual directory for 64bit package.
For Example if you refer Step 2. The path would look like http://site2/SEP_win64bit/setup.exe
Configure the same path in Step 3.2 when you add a 64bit package.
---------------------------------
Vikas
--
Don't forget to mark your thread as 'solved' with the answer that best helped you!
This seems like exactly what
This seems like exactly what I have been looking for. Thanks!
One question, however. Is there any way I could set up 2+ install packages to a group, and then depending on where the clients are located, they would just pick the best path?
I dont separate my offices into separate groups because we all use the same settings, but I don't want all of them to pull from the remote server, but from each of their respective local IIS servers.
@Nate, I would still
@Nate,
I would still recommend using groups for each remote site.
All groups will still use the same settings if they are configured to use shared policy files (which is the default). So you would only have to make policy updates in one place.
And by using groups, you can take care of assigning the respective local IIS servers to each group.
It's a WIN-WIN scenario.
Jon
Hi Nate,
I've just stumbled across the post and it gives me a good idea as to how to best setup the deployment. Like you, I'm only using one site, as well as having users who roam between sites.
DNS has a cool feature where if a host has multiple A records, it will return the one in your subnet first. Meaning you could create a DNS name called "SEPUpdates" which would resolve to the IP of the IIS server as described above. You then just need to set all of your IIS server roots to replicate; perhaps using a RoboCopy script or NTFRS/FRS-R.
Let me know if you want more clarification.
Greg
when you do the find
when you do the find unmanaged clients for site2? do you use SEPM from site1??
is there anything special you have to do to use the site2 installation file??
thanks
For managed clients.
Hi,
This setup is for managed clients. This to upgrade a managed SEP client to new version.
The SEP client should be communicating with SEPM.
Thank you.
---------------------------------
Vikas
--
Don't forget to mark your thread as 'solved' with the answer that best helped you!
how we can make same setup for sep SMB12.0
can we make this kind of setup for SEP SMB 12. how much bandwirth required. and when remote site update from central server how much data will copy for one client
Hi, Such configuration is not
Hi,
Such configuration is not possible with Small Business Edition 12.x
This option is available in SEP 11.x
Thanks and Regards,
Chetan Savade
Technical Support Analyst,
End Point Security, Enterprise Technical Support
HI Veekee, excellent document
HI Veekee,
excellent document and steps suggested by you. I was unware about this step. through this step no issue for WAN traffice except logs and policy communication by SEPM. same method also for SEP 12.1?
Regards,
Ajay Kumar Singh (Consultant- Information Security)
SCS(Symantec)
Hi Ajit Singh,It's
Hi Ajit Singh,
It's applicable in SEP 12.1 EE also.
Thanks and Regards,
Chetan Savade
Technical Support Analyst,
End Point Security, Enterprise Technical Support
HI Chetan,/Veekee yesterday I
HI Chetan,/Veekee
yesterday I did same practice for remote site client. those updated succesfully with upgrade version clients setup through IIS and keep reporting to SEPM. Thanks all for best practices
Regards,
Ajay Kumar Singh (Consultant- Information Security)
SCS(Symantec)
Would you like to reply?
Login or Register to post your comment.