Endpoint Protection

 View Only

  • 1.  Group Update Provider on an isolated network

    Posted Sep 18, 2009 03:21 PM
    I have a network of about 30 computers that for security reasons is completely isolated from the Internet and the rest of my network.  We would like to install SEP on all the workstations and use one of the workstations as a Group Update Provider.   We would like to manually install updates to this computer and have the Group Update Provider distribute the updates to the other workstations. 

    My question is how do I build the name or IP address of the Group Update Provider into the install package?  These workstations will never talk to the SEPM server so even if I placed them in a group that had the Group Update Provider assigned to it that information could never be communicated to the workstation.  It all must be built into the install package.


    I understand that there is little threat of problems on an isolated network.  SEP is just a precaution.


  • 2.  RE: Group Update Provider on an isolated network

    Posted Sep 18, 2009 03:33 PM
    The GUP takes the update from SEPM. If there is no SEPM in the network then there is no GUP.
    We cannot add settings in the package for the GUP.

    Also if the Client will not talk to SEPM how will it get the policy to take the update from GUP.

    The best in this case would be to use a Internal Liveupdate sever or LUA


  • 3.  RE: Group Update Provider on an isolated network

    Posted Sep 18, 2009 03:38 PM
     Group update provider cannot distribute client updates ( install packages)
    both these dieas already in -review you can vote them so that they get reviewed faster.
    https://www-secure.symantec.com/connect/idea/allow-product-updates-be-distributed-group-update-provider

    https://www-secure.symantec.com/connect/idea/if-gup-could-handle-product-updates-aswell


  • 4.  RE: Group Update Provider on an isolated network

    Posted Sep 18, 2009 03:55 PM
    I don't need to install from the GUP I would install the client manually.  My hope is the GUP could distribute updates if the updates were loaded manually onto the GUP. 

    My question is could I build an install package on the SEPM that I would manually install on the clients that would include information about the GUP (on the server list?).  Then the clients would check the GUP for updates especially if they can't reach the SEPM.


  • 5.  RE: Group Update Provider on an isolated network
    Best Answer

    Posted Sep 18, 2009 04:06 PM
    Why not install SEPM on one of the clients so you can manually update the definitions on the SEPM (and point all of your clients to the SEPM)?  This would also give you more control over the policies set for the clients.


  • 6.  RE: Group Update Provider on an isolated network

    Posted Sep 18, 2009 04:15 PM

    Yes , that is possible. We can first create the policy accordingly, then craete a package for the group for which we have the Policy configured.

    gup 1.JPG
     



  • 7.  RE: Group Update Provider on an isolated network

    Posted Sep 18, 2009 04:27 PM
    Would you need an additional license to install another instance of SEPM?


  • 8.  RE: Group Update Provider on an isolated network

    Posted Sep 18, 2009 04:32 PM
    No, you don't need addtional license to install a new SEPM


  • 9.  RE: Group Update Provider on an isolated network

    Posted Sep 18, 2009 04:36 PM
    I believe their licensing is per seat (client) and not per server.


  • 10.  RE: Group Update Provider on an isolated network

    Posted Sep 18, 2009 05:00 PM
    Thanks great help