
Definition updates for roaming users

Created: 24 Dec 2007 • Updated: 21 May 2010 | 6 comments
susanthas-123's picture

This is an interesting question raised by a customer and I thought it’d be ideal if I can get a clear picture from this forum. This client has over 50 branch offices around the country. Assume we have implemented SEP11 in the main office and then the branch offices, and set up SEPM in the branch offices. Now we will configure the branch offices to get the updates from the SEPM in the Head Office and also from the Symantec web sites.

But for the desktop PCs it’ll be the SEPM in their own office only. For the laptop users we want to create a customer live update policy and include all the SEPM servers' IP addresses to get the updates; this is assuming that if they visit a branch office their SEP client will get the updates from the SEPM nearest to them. Now the true question is: will the SEP client be smart enough to identify the nearest SEPM and pull the updates, or will it always go for the first SEPM server mentioned in its policy regardless of its location? What my customer really wants to accomplish is that the laptop SEP client should be able to contact the nearest SEPM server and pull the updates, rather than going to the head office all the time if that laptop belongs to the head office.

6 Comments

susanthas-123's picture
Hi everyone,
 
  Any help? Did anyone come up with an issue like this before?
 
Regards,
Susantha
Sandeep Cheema's picture
Susantha, Not too sure what you are talking about over here.
 
If it's the policy updates, then the SEP clients will always go to the SEPM whose address is mentioned in the Sylink.xml located under the program files\symantec\symantec endpoint protection and program files\symantec antivirus of the root drive.
 
However, if you are talking about the definitions download, that can be customised by adding a GUP and/or the internal liveupdate server, so that the client initially contacts the GUP or the internal liveupdate server for the definitions.
 
Now what could be done with the scenario that you have explained is to have an internal live update server at each site by adding them all to the policies > live update > edit live update policies > Server settings > uncheck the default management server > check use a liveupdate server > select use a specified internal liveupdate server and enter the names of all the internal liveupdate servers that have been created for each site.
 
Since it's gonna find just one alive out of all (of that site), it would take the updates from that internal liveupdate server.
 
 

De facto when AV does something, it starts jumping up and down, waving its arms, and shouting...

"Hey!  I found a virus!  Look at me!  I'm soooo goooood!"

susanthas-123's picture

Hi Sandeep,

You almost got what I've been trying to ask. Now assume I've configured Live Update servers in each site and, in the Live Update policy, I add those Live Update servers' IP addresses. Assume this laptop user goes to one of those branch offices; in that case will he be able to contact the Live Update server in that office, or will it always look for the first Live Update server in the Live Update policy?

This client's branch offices are interconnected with a VPN link, and if the head office user carries his laptop to a branch office I want that laptop to get updates from the branch office Live Update server instead of it keeping on searching for the head office Live Update server. Now, due to the VPN link, if he accesses the head office Live Update server for the SEP11 updates, that will consume most of the VPN bandwidth.

Hope you'll get what I've been trying to explain.

Paul Murgatroyd's picture
Hi Susantha,
 
There are two ways you can do this, both assume several different things.  One way uses SEP functionality, the other does not.
 
1. Configure all clients to pull their updates from the hostname "liveupdate" for instance.  Assuming you have local DNS servers, a call to "liveupdate" from the local network would be resolved by the local DNS server and point the client to the correct server based on the host records you have set up on each local DNS server.
 
OR you could do this:
 
2. Create a location in a SEPM Group for each of your sites and using location awareness, create some criteria that can only be met by that site (subnet, IP address range, DNS server IP's, etc) and assign a separate liveupdate policy to each location (each policy points to the local LU server).  When the client correctly enumerates its location, it will switch to the correct liveupdate server and pull its updates from there.  When it leaves the site and appears at another one it will once again enumerate its location and should then switch to the local site liveupdate server.
 
hth
 
 
 

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
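
Added example, not part of the original posts and not Symantec code: a small Python model of option 2 that audits a planned set of per-site subnet criteria for overlap (criteria must be met by one site only) and shows which LiveUpdate server a roaming client would be pointed at. The site names, subnets, hostnames and the fallback server are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed site plan: location name -> (client subnet, local LiveUpdate server).
# All names and addresses are made up for illustration.
SITES = {
    "HeadOffice": ("10.0.0.0/16", "lu-hq.example.internal"),
    "BranchA":    ("10.1.0.0/24", "lu-a.example.internal"),
    "BranchB":    ("10.2.0.0/24", "lu-b.example.internal"),
}
FALLBACK = "lu-hq.example.internal"  # assumed default when no location matches


def overlapping_sites(sites):
    """Return pairs of locations whose subnet criteria could both match one client."""
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in sites.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def liveupdate_server_for(client_ip, sites, fallback=FALLBACK):
    """Pick the LiveUpdate server of the location whose subnet contains client_ip."""
    addr = ipaddress.ip_address(client_ip)
    matches = [
        (name, server) for name, (cidr, server) in sites.items()
        if addr in ipaddress.ip_network(cidr)
    ]
    if len(matches) > 1:
        # Criteria are not unique to one site: the plan needs fixing.
        names = [name for name, _ in matches]
        raise ValueError(f"ambiguous location for {client_ip}: {names}")
    return matches[0][1] if matches else fallback


if __name__ == "__main__":
    print("overlaps:", overlapping_sites(SITES))
    for ip in ("10.0.3.20", "10.1.0.57", "192.168.1.5"):
        print(ip, "->", liveupdate_server_for(ip, SITES))
```

Running the overlap check before rolling out the locations catches a plan where, for example, a head office supernet also covers a branch range and a visiting laptop would match two locations.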

susanthas-123's picture

Hi Paul,

Thank you very much for your quick response. I really appreciated that. I think creating a location awareness policy is a much more pleasing method for me. So hopefully I'll do that when I visit the client to complete the SEP POC at his place. So far I'm OK with demonstrating this product at the client side but really worried about the SMB market due to the SEPM resource demand. Hope this will be considered by Symantec in future.

Regards,
Susantha

Paul Murgatroyd's picture
no problem, glad to help.
 
we are looking into optimising the memory footprint of SEPM for SMB's so things should improve there.
 
ping me on YIM if you want any more details on the group configuration

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint