Group Update Provider Policy
I would appreciate any help I could get in designing a live update policy so thanks in advance for any suggestions.
We currently have SEP 12.1.2 deployed on all our clients and we have many sites around the world ranging from 20 – 250 users. The majority of our clients are laptop users and frequently roam from location to location.
My goal is to hopefully create a policy to allow users to:
1. Receive updates from the SEPM if located in the main office on same subnet as the SEPM
2. Receive updates from the GUP in the appropriate subnet when travelling to other sites.
3. Receive updates from the Symantec LiveUpdate servers when either of the above are unavailable (for example when in a hotel)
To try to achieve this I plan to nominate a single GUP in each remote site location and create a live update policy with the following settings enabled:
1. Use the update management server
2. Use the default Symantec LiveUpdate server
3. Use multiple group update providers (and configure a policy to nominate a suitable machine in each subnet. With a 3 hour time out period
I have several concerns with the proposed setup:
1. The download preference , i.e. I am aware that the GUP’s would be searched first, if failed then the SEPM would be contacted, so this would work as intended, however with the Symantec Liveupdate checked, would this be seen as a priority and override the GUP feature?
2. Also, I believe that the GUP list published by the SEPM would contain all the information required for the clients to identify a GUP on their subnet, however I believe they create their own local GUP list, has this filtered out those GUPs available on their own subnet, and how often does this refresh? Would this stop the ability to roam to another site/subnet as the client would only have the GUP list for the previous subnet or would it retain all the available GUPs therefore allowing a roaming feature?
One further design we will need to implement is the explicit group update provider. In one country we will have a single data centre able to speak to the SEPM via the VPN, and anything over 200 smaller site locations on individual subnets connected to the data centre via mpls, users will roam between these locations on a daily basis. I believe that creating a GUP in the data center and applying an explicit GUP policy should work for this situation, however could this policy be used in combination with the original policy in this thread, or should the users be moved from their normal groups in the SEPM into a group where this explicit policy applies?