Having multiple sites to segregate AV updates?

Created: 04 Feb 2013 | 17 comments

I'm exploring ways to segregate my servers into update groups in order to not have all 800 downloading antivirus updates close together in time.  Our heartbeat interval is 5 minutes (can't change that) and when the servers start to pull down the new defs, our SAN slows to a crawl.

I'd like to either create a new site (or two) and split up the servers into smaller update groups, or else come up with another plan for rolling out the updates - maybe there's just something that I'm not aware of that would work?

Anyway, if I wanted, could I create a couple of new local sites and if so, how would I do that?

 

Thanks,

Mark

17 Comments

.Brian's picture

You can create groups and remove inheritance, which will allow you to assign different policies.

Also, do you have any GUPs configured?

It should be just as simple as creating a new group from the Clients page, then go to the Policies tab and uncheck inheritance. Now the group will be separated and you can make changes without affecting other groups.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

saturnnights's picture

But if I want those servers to pull their updates from the default server, there's no way to schedule that - the schedule options get grayed out and they just pull down updates at the next heartbeat interval.  :-(

.Brian's picture

Correct, you cannot schedule content updates from SEPM to client.

Chetan Savade's picture

Hi Mark,

Thank you for posting your query in the Symantec forum.

Could you please provide more details about the network?

1) SEPM version? SEPM installed OS details?

2) Total Number of clients in the network?

3) All the clients are residing on the same LAN?

4) Could you please explain how the servers starting to pull down the new defs (from the Internet) and your SAN slowing to a crawl are correlated?

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

saturnnights's picture

Hi Chetan,

It's 12.1, installed on 2008 R2.

We have nearly 800 servers with the client installed.  They're all on the same LAN.

Because of the 5 minute heartbeat (which can't be changed due to corp policy), within 5 minutes of the management server pulling down defs, all servers are pulling them.  Our SAN experiences very high read/write activity for an hour or so until all servers have been updated.  Our SAN team has been watching this for a while now and would like for me to divide the servers into smaller update groups to try to deal with this.  It's so bad that most servers are non-responsive during the update.  I tend to get kicked out of Citrix and many of our critical systems that are sensitive to network timing have issues during the update.

Thanks,
Mark

Vikram Kumar-SAV to SEP's picture

Increase Download Randomization from 5 minutes to 1 hour or 30 minutes. This setting is below the heartbeat interval.

Vikram Kumar

Symantec Consultant

The most helpful part of the entire Symantec Connect is the Search button. Do use it.

saturnnights's picture

I need to have a tighter control over exactly when the updates are pulled down, due to the many other things that happen at night.  I'd like to update one group early in the evening because that's a development group and won't hurt anything.  But the rest needs to be controlled due to backups and virus scans and other maintenance that is all being carefully coordinated.  It's a nightmare, but that's why I need to have strict control of the updates and would like to group servers somehow.

reza akhlaghy's picture

First I would recommend Vikram's solution, but if you have lots of resources (it seems that you have! ;) ) you can add more SEPM servers and divide clients between them using the "management server list". This will give you an option to put servers in different LUNs in storage and balance the load.

saturnnights's picture

If I created more SEPM servers, would all of them be able to share the various policies and lists that I already have?  We have a large number of firewall and exclusion policies and if I had to reproduce them and manage them on several servers, it would create chaos...

reza akhlaghy's picture

Yes, servers in the same site share everything together. You just need to have the database on SQL Server.

saturnnights's picture

All of the servers would share the same SQL database?  I do have my database on a dedicated SQL server right now.

I guess I just need to look into Symantec's whitepapers for some info on implementation of multiple servers like this.  I've had a similar setup years ago, but for a different purpose (separate physical locations) but my mind is foggy on the details of how I'd configured that.

Thanks,
Mark

SebastianZ's picture

If you have several SEPM servers connecting to the same database you would have a fail-over configuration:

http://www.symantec.com/docs/HOWTO26806

https://www-secure.symantec.com/connect/forums/fai...

SMLatCST's picture

Have you considered the LiveUpdate Administrator?

The LUA itself is just an internal repository of definitions, but the reason I mention it is that you get far better scheduling options on the SEP Client side when using LiveUpdate for content downloads rather than relying on the heartbeat (update using default management server).

All you'd then have to do (after setting up the LUA) is separate the clients out into different groups, and assign them different LiveUpdate policies with different schedules (all pointing at the LUA).

#EDIT#

I'm sure you're aware of the LU scheduling options but here they are anyway:
http://www.symantec.com/docs/TECH178257

Plus some more info on the LUA:
http://www.symantec.com/docs/TECH102701
http://www.symantec.com/docs/TECH93409
http://www.symantec.com/docs/TECH154896

saturnnights's picture

I'll admit that I don't really know anything about the LiveUpdate Administrator - I've always just used the SEPM server to deliver updates.  I will research the LiveUpdate Administrator and its features and see what all it can do.

If I had SEP, is the LiveUpdate Administrator included?  I'd better start reading about this.

Thanks,
Mark

SebastianZ's picture

You will find the LiveUpdate Administrator available on CD2 of the SEP 12.1 RU2 installation (Symantec_Endpoint_Protection_12.1.2_Part2_Tools_EN.exe) - it is in the folder called "Liveupdate" - executable LUAESD.exe.

SMLatCST's picture

License-wise, you're free to use it alongside any Symantec product that can make use of it (including SEP).

As Seb says, the install media can be found in the "Part_2" download from fileconnect.

As per the articles, it's recommended that you install to a dedicated physical box if possible...

saturnnights's picture

Well, thanks to everyone for your guidance and suggestions.  I've decided to roll out a LiveUpdate Administrator server to segregate the updates with the servers.

Have a great weekend!
Mark