Endpoint Protection

 View Only

  • 1.  Help Required - Server to server and server to client definition update information.

    Posted Apr 10, 2008 04:48 AM
    Dear All,
     
    This is my first post in any forum.
     
    I am running SAVCE 10.1 MR7 server and about 250 clients at the same location, plus I have three secondary servers and about 10-15 clients connecting to each of them. I have a doubt in the definition update architecture and require help with the folowing questions:
     
    1. What is the size of a definition update between two servers (primary and secondary) ?
    2. Does Server to server update trasfer the complete xdb, or only the incremental definition is transferred ?
    3. What is the size of a definition update between a client and their respective servers ?
     
    Please, I would request all of you to help me with this.
     
    Regards,
     
    Notes Admin


  • 2.  RE: Help Required - Server to server and server to client definition update information.

    Posted Apr 10, 2008 09:37 AM
    Welcome,
     
    Here's what I think are the answers..
     
    1) I think it's a full xdb download that's sent to the secondary servers
    2) Same as 1, if you have the "update parent only" option selected in the virus definition manager.
    3) This sends out a delta, much like microdef technology in liveupdate.  So the size of the defs going to the client will only be a few kb.  The longer the client has been offline, the larger the size of the delta.  If they've been offline too long the server will send the entire def file to the client.


  • 3.  RE: Help Required - Server to server and server to client definition update information.

    Posted Apr 10, 2008 10:38 AM
    Hi Martin Jr.
     
    Thanks for the response. So from what I have understood, the definition update works in the following manner:
     
    1. Server to Server definition update is full XDB file. (approx. 40 MB nowadays)
    2. Server to Client update is MicroDefs (approx. 350 KB)
     
    So, the breakeven is somewhere around 110 client machines.
    So if I have a secondary server, having 15 clients, instead of having a server, which will download 40 MB from the primary server, I should move the clients under the primary server itself, so that the data transfer is only 400 KB per client.
     
    Thanks Martin, Thanks a lot for your help.
     
    Regards,
     
    Notes Admin


  • 4.  RE: Help Required - Server to server and server to client definition update information.

    Posted Apr 10, 2008 02:17 PM
    Well, that's where it gets a little tricky....
     
    In the old days where vdtm didn't use the microdef  technology it was advised to have an antivirus server at each remote site.  That way instead of having a full vdb, it was vdb back in those days, download to each client you'd have one vdb download over the wan link to the server then it distributes the vdb file over the lan.
     
    Now since they use the microdef technology, or something like it, you can actually have clients over a wan link.  Actually in my design at my other job I kept all of my secondary servers at the remote sites.  They were already there anyway, plus I like having a local server at the site because of all the communication that happens between the client and server (keep alive packets).
     
    In your case it depends totally on your wan link and how fat the pipe is between your sites.  If you have a large pipe between the sites and only 15 clients at the remote site it's not an issue to put them on the primary.  If you don't have a large pipe I'd keep the secondary at the remote site and download definitions during the off-peak time of the day.
     
    Of course I also say that because I'm a fan of having at least two antivirus servers in a server group for failover... :-)