Better topology for a lot of wan links??
Hi All,
I'm wondering what is the best practice for implanting SEP 11 MR2 in a environment with a lot of remote sites.
I'm in the middle of a migration from SAVCE to SEP11 in an environment with about 4000 workstations (at this moment i have 1500 workstations with SEP).
There are a lot of remote sites too (aproximately 80), linked to the central site via slow pipes (like 64k, 128k and 256k). Each site has about 20-40 workstations.
What's the better topology to do this? I was thinking in installing a LiveUpdate Server in the Central Site, and some distribution centers in the remote sites (at least one distribution center in each remote site).
I thought that because GUP didn't work for me. I've start implanting SEP with GUP in the remote sites, but all the machines was going to the central site, instead of only the GUP. This was consuming all the pipe.
I beg your pardon for my poor english.
I hope make myself clear.
Thanks for any help.
Vinicius
Comments
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
Paul, I too have >4000 desktops on low speed links. In my previous TrendMicro setup I had a feature similar to the "never bypass the GUP" that you mention.
It would be very useful if we see this implemented in SEP, soon.
------------------------------------------------------------
MR99 will fix it all.
Paul Murgatroyd
Tell me please how much time clients waiting for updates from GUP and when there no DEF updates go to management server?
Hi Paul Murgatroyd,
If clients are told to use the GUP's they should use them, did you configure your LiveUpdate policies accordingly?
Yes, I did. Each remote site is a Group with a liveupdate policie, that specifies a GUP (a workstation in that group). I mean, if the client can't contact the GUP, it'll go to the SEPM. The GUP is working well, with only the features of antivirus and antyspyware and no firewall.
I think because of the low pipe, the GUP takes so long to retrieve the definitions, and the clients for some reason doesn't wait, they just go to the SEPM.
I really need this option of "never bypass the GUP". For example, when a user goes out (for a vacation) for 20 days and comes back, he turns up his machine and the pipe for that remote location is gone.
Is there a way to set how many definitions cache is stored by the GUP? For example, can i tell gup to store the last 2 months definitions? I can't find this anywhere. With a distribution center will i have this kind of problem?
Regards,
Vinicius
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
Hello all,
One question that I believe was touched on earlier in this thread, but never addressed:
I've got several sites with GUPs running and all seems well. I can view the shared content on the providers, however there doesn't seem to be a mechanism for cleaning up the sharedcontent folder once the definitions/updates have been deployed. Is there some kind of content timeout hard-coded into the gup dll's that will cleanup content that has not been requested for x length of time? Or are there some options in the works for MR3?
I'm only concerned about available hdd space because I've previously had to deal with all of the other 'bugs' that have eaten up hdd space in previous releases.
Thanks,
-M
is there a way to check wheather a client which using full Update is truly requesting update from GUP and get the update from The GUP Provider and not from the SEPM ?
This falls under the realm of robust and granular reporting and logging :smileyhappy: which seems to still be a bit lacking.
-M
Hi dude
You can use a packet capturing sftware for that. I used a software called packetizer. We provide the destiantion and the trage host IP and monitor the packet transmit. After that you can anylze if the packets truly generating from the GUP or not. PM me if you need more support.
Would you like to reply?
Login or Register to post your comment.