Endpoint Protection

Excuse me if I'm missing something obvious here.  We have 2 sites linked with a 10meg line.  The SEPM is based in the main office (Bristol, UK) with around 600 clients and works fine.  The second office (London, UK) has around 100 clients, which in the scale of Symantec experience must be considered a tiny site.  I am planning to set up a GUP there but so far the updates have been rolling up to London fine so I havent felt much urgency.
This week I updated to MR4MP2 (11.0.4202.75) and tried to roll the client update out using the 'Install Packages' tab on the client view of SEPM.  The 100 clients in London all decided to go at once, totally trashed the network link, took out the whole London Office including ip phones and earnt me a slap.

I've been looking through the manual and cant see how Symantec recommend to do this, what I have seen is ..

• A GUP is used for definition content, not for client updates according to the manual so that wont help
• If I set the package to distribute updates over a number of days it spreads them out ok but each one seems to trash the network as it goes (albeit for aonly a minute or so)

I do use Microsoft System Centre config manager but have had issues installing SEP through that, but I also am convinced that there is a built in way to do this within SEPM, I just cant see what it is.  My research has given me a couple of suggestions which are

• use a URL lonk (though i sense that requires user intervention), I want this to be automatic and silent
• build a live update server in London and set everything to update from there.

I would be interested in hearing what is considered the best practice in this situation so I can finish this update now and be better prepared for the next one

Many thanks
Andy

 GUP only supports definition updates and not product updates.
Once you assign the install package to a group it will send a small upgrade file ( very small compared to the size of the actual install package ) to all the computers at once that will choke up the bandwidth.

So now you've actually got two workarounds :
1. Create a test group assign the package to that group.
Move 10 or 5 clients ( whatever the bandwidth permits ) to the test group.
Once they have upgraded you can move them back to their original group and bring in the next 10.

2.Export a client install package and copy it wil the clientremote.exe  ( which is in CD2 of the downloads) to any of the local servers in london and do a deployment from there.
Clientremote.exe is similar to Migration and deployment wizard.

 SEP is a very much Environomental product..so theb best practise for all might not be the best practise for you...So whatever suits your environment is your best practise  :-)

I hadn't discovered Client remote, I'll test that.

The idea of moving 5 PCs at a time into a 'update' group is a bit too manual, I want a solution to be a simple and automated as possible.  Would I have the option of building a live update server in both sites, having the London (remote site) server slave to the Bristol one and then get all the clients in London to update from their local LU server?

regards
A

 

I think you are talking about replication.
Even that would be a great option to have a replication partner in London that will replicate the Bristols SEPM s database. However ,if only if ,you are ready to dedicate a server for SEPM as it requires much more resources as compared to a GUP
All the clients in London will retrive their product and definition updates from their local manager.
However the local sepm will be replicating the Packages,Content and logs from Main SEPM in bristol.

Liveupdate Administrator.
Since the GUP cannot do product updates yo can have Liveupdate Administrator to distribute product updates and definition updates ..but for that symantec has to oublish product updates via liveupdates and it takes much more time a regular upgrade. ( it might take a month or so for product updates to get released via liveupdate )