Basics: The Group Update Provider was a feature request to support designating a particular client to serve as a computer that will get content updates and publish them. The computer that is downloading and publishing the content is referred to as the “Group Update Provider.” The computers in the client group will use the designated “Group Update Provider” as a local proxy for content updates. You use a LiveUpdate Settings Policy to configure the type of Group Update Provider. In the latest release of Symantec Endpoint Protection 11.0 RU5, there are major enhancements to this technology. These enhancements expand the scope of functionality of a GUP by a large extent. There are 3 new features added to the GUP mechanism: 1. Tagging The way this works is that you can define a system to be a GUP based on parameters such as: Operating System type, Computer IP address/Hostname, Registry Key – or a combination of any of those listed. 2. Roaming -The systems that become GUPs, send that data to the SEPM to let them know that they are now a GUP. The GUP then populates a single list of all known GUPs. This list is provided to all SEP clients that are configured to use the GUP. The way this will work is that when a client talks to SEPM, and realizes it is time to update content, the SEPM tells the client to speak to the GUP, and the client looks at the GUP list to find the GUP on the same subnet as the client. If there is no GUP on that subnet, the client (optionally) can speak directly to SEPM, or another GUP. 3. Bandwidth Throtteling This specifies to the GUP to not use x amount of Kbps, Mbps, or Gbps when speaking to the SEPM and pulling down content updates. This will help in the event that a system has been off the network for some time, and requires as an example, a full definition set. That is a 30-50MB download, so this setting will ensure that the network does not become saturated during this file transfer. Bandwidth throtteling is between GUP & SEPM, not the SEP clients and SEPM. About the Types of Group Update Providers: You can configure two types of Group Update Providers Single Group UpdateProvider: A single Group Update Provider is a dedicated client computer that provides content for one or more groups of clients. A single Group Update Provider can be a client computer in any group. To configure a single Group Update Provider, you specify the IP address or host name of the client computer that you want to designate as the Group Update Provider. Multiple Group Update Provider Multiple Group Update Providers use a set of rules, or criteria, to elect themselves to serve groups of clients across subnets. To configure multiple Group Update Providers, you specify the criteria that client computers must meet to qualify as a Group Update Provider. If a client computer meets the criteria, the Symantec Endpoint Protection Manager adds the client to its list of Group Update Providers. Symantec Endpoint Protection Manager then makes the list available to all the clients in your network. Clients check the list and choose the Group Update Provider that is located in their subnet. You can also configure a single, dedicated Group Update Provider to distribute content to clients when the local Group Update Provider is not available. You use a LiveUpdate Settings Policy to configure the type of Group Update Provider. The type you configure depends on how your network is set up and whether or not your network includes legacy clients. In other words, here are the steps we should take to confugre Group Update Providers:
The file globalindex.xml contains information about the globallist.xml . -------------------------------------------------------------------------------------------------------------------------------------------------------------------
Note: It's applicable for SEP 12.1 Also.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Hello I'm still a bit confused, I've started a separate thread asking how to setup GUP with 2 groups one for the servers and one for the workstations https://www-secure.symantec.com/connect/articles/gup-clarifications-live-update-settings-different-groups
I have about 150 clients out of 1500 that are still on mr4. Each group that has a GUP is updated to RU5. All mr4 clients are updating directly from the SEPM.
Did you upgrade all the clients to RU5?
From a previous post. If you want, you can saggregate the entire configuration for GUPs for multiple sites in a single policy and make it working.
In the SEPM console, go to clients tab-> search clients, and then you have to search for Group Update Provider = true.
1 minute interval is almost real-time update [ considering we dont change the configurations that often ].
best, Aniket How did you determine this 1 minute interval? Are GUPs checking with SEPM every minute. If so, how can we make this longer?
Aniket, thanks for your reply. 1. So the sentence in your article that says, "This list is provided to all SEP clients that are configured to use the GUP" should really say, "This list is provided to all SEP clients." Because all SEP clients automatically use GUPs, if on their subnet, or if the failover GUP on another subnet is specified. No other configuration is required. Correct? 2. And the last sentence in the message to which I am directly replying should say, "Because if clients are not in the same subnet (not Group) as the GUPs, then you need to specify the IP of a GUP in the Mulitple Group Update Provider List that applies to the Group that will use the GUPs." There's no need for a separate Policy for that Group, according to the Help file...just use the failover GUP field provided at the bottom of the Multiple GUP List dialog box. Correct? Sorry if I seem like I'm splitting hairs, here...just trying to get some much-needed clarity.
Reading your last comment I am now confused again :-) I thought the whole thing around the multple GUP riules was to allow clients to be elected to be a GUP when a defintion request is processed? i.e none are static/dedicated?? So now you seem to be saying (I apologise If I am wrong) all machine that qualifies to be a GUP downloads the defs from SEPm when an update is required? I thought this action only happens by the elected GUP not all thise that qualiify - this seems a bit of a pointless setting (multple GUPs) apart from having a fancy way to define from i.e reg flag... Just to resolve my confusion, can you maybe tell me the best way to configure the use of GUP across 250 sites? Can I now not use muktple GUPs and have to go back to a policy/group per site stating the IP address of the GUP? I hope you understand what I am saying/trying to explain :-) Please correct me!
This release contains a new build of the Symantec Endpoint Protection Manager (SEPM version 11.0.5) and the latest version of the Client binaries (version 11.0.5). This version of the SEPM and Client binaries can be installed as a new install or as an upgrade to an existing 11.x installation.
With this MR5 release, SEP 11.0 now also supports Windows Server 2008 R2 and Windows 7. Regards, Twixxica_ica
I am still a little confused.... still trying to figure out how to get the following done... Site A (10.65.x.x) Server (GUP) 10.65.72.10 Clients (Example) 10.65.31.x-10.65.34.x (DHCP Scope) Site B (10.60.x.x) Server (GUP) 10.60.72.10 Clients DHCP same as above... Site C Site D So according to what I have seen I can add these 4 GUP's. However, since my clients are all on different subnets how will they know what gup to use?