Endpoint Protection

 View Only

  • 1.  Convert all Clients to PUSH... How much of a load increase?

    Posted Jul 10, 2012 12:22 PM

    I've tried contacting support on this, but I haven't gotten an answer.  In response to my domain-joined Macs generating constant LDAP traffic, I've moved them to special groups to convert them from PULL to PUSH communications.  This was about 300 machines.  For various reasons, I'd like to keep them with their PC counterparts in my SEPM tree.

    I wondered if anyone has any insight on what kind of performance penalty I should expect if I were to convert all my clients (about 4000) to PUSH communication.  I'm worried that it will bring down my server if I do; if I don't, some renegade Macs may bring down my domain controller(s). 

     

    I have the SEPM running in a VM, and an SQL DB running on a separate VM.

     

    An article describing the Mac/LDAP issue: http://www.symantec.com/docs/TECH188297



  • 2.  RE: Convert all Clients to PUSH... How much of a load increase?

    Broadcom Employee
    Posted Jul 10, 2012 12:38 PM

    converting all clients to push mode will definetly impact the SEPM ( bit slow in performance). Why do you need to need it in push mode. Even pull mode with 30 minutes should be good .



  • 3.  RE: Convert all Clients to PUSH... How much of a load increase?

    Posted Jul 10, 2012 12:45 PM

    I just can't see that being a good idea. The clients will maintain a constant connection and will continuously be uploading logs, downloading any new updates, etc.



  • 4.  RE: Convert all Clients to PUSH... How much of a load increase?

    Posted Jul 10, 2012 01:18 PM

    The Macs have to stay in push mode.  If not they hammer my domain controllers.  I was trying to eliminate the possibility that a Mac would end up in a group not using push.  It only takes one to cause a massive headache.



  • 5.  RE: Convert all Clients to PUSH... How much of a load increase?

    Posted Jul 10, 2012 01:22 PM

    I am worried about that as well.  When the LDAP issue started a few weeks ago, the Symantec tech seemed surprised that I wasn't using push mode by default. 

     

    I told him I wasn't sure, but that we'd been using pull mode as long as I'd been here.

     

     

     

     



  • 6.  RE: Convert all Clients to PUSH... How much of a load increase?
    Best Answer

    Posted Jul 10, 2012 02:07 PM

    I HIGHLY recommend you do not set your 4000 clients to PUSH mode. What is going to happen is as soon as your SEPM has downloaded new definitions via liveupdate ALL of your clients are going to know about it immediately. Then you are going to have 4000 machines pulling down virus definitions at the same time, normally not a situation you want.

    With PULL mode and download randomization you are not going to reduce the overall bandwidth usage but you will be able to spread that bandwidth out over a longer period of time.