Intel,Altiris Group

Expand all | Collapse all

Installing LiveUpdate Server for SEPM

  • 1.  Installing LiveUpdate Server for SEPM

    Posted Jun 13, 2009 09:01 AM
     Hi!

    I am new to SEP enviornment.

    I have to install an internal Live update server for SEP 11.0 at my site. I have a site with different remote locations which are connected to my central location which has access to Internet. All my SEP clients are at remote location. I want them to be managed locally from their remote sites through a Local SEPM server get UPDATES from their SEPM and each SEPM should recieve updates from This internal LUA configured at CENTRAL Location. 

    I have already installed LUA and it is able to get updates from Symantec Site. But i'm confused that how will my SEPM at remote site will get their Product updates from this Server. And do i need to install SEP on my LUA also in order to protect it from Virus attacks.


    Please Help!
     


  • 2.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 14, 2009 01:14 AM
     I am new to SEP enviornment.

    I have to install an internal Live update server for SEP 11.0 at my site. I have a site with different remote locations which are connected to my central location which has access to Internet. All my SEP clients are at remote location. I want them to be managed locally from their remote sites through a Local SEPM server get UPDATES from their SEPM and each SEPM should recieve updates from This internal LUA configured at CENTRAL Location.

    I have already installed LUA and it is able to get updates from Symantec Site. But i'm confused that how will my SEPM at remote site will get their Product updates from this Server. And do i need to install SEP on my LUA also in order to protect it from Virus attacks.

    Please Help!


  • 3.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 14, 2009 01:52 AM
    First ..you will have to install SEP client on LUA and SEPM servers to protect it from Viral attacks.

    TO configure your remote sites to get updates from your LUa you will have to configure it in SEPM.
    Admin -Server-Local Site (site-name)- properties-Liveupdate - Add Source Servers - Use a specified internal liveupdate server -ADD - 

    Server name
    The name of the LUA server. This name appears when you run LiveUpdate.

    Description
    This box is optional. You can type the descriptive information that is related to the server. For example, you can type the name of the site.

    URL
    This URL will be the URL that you will see in the distribution page of your LUA
    eg. http:\\servename\clu-prod...

    User Name
    The logon name that is associated with the server. Leave this box blank so that users can log on and retrieve the files without typing information.

    Password
    The logon password that is associated with the server. Leave this box blank so that users can log on and retrieve the files without typing information.




  • 4.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 14, 2009 04:44 AM
    Thanks  Vikram Kumar.


    But as said, i want all my client should pick their updates from SEPM server itself. Only the SEPM server will communicate with LUA for the updates.

    I've already configured LUA but it takes too much of time to retrieve updates from Symantec site. I've also able to configure my first SEPM Server and deployed Client on my LUA so as to protect my LUA machine from any attack. Also my SEPM is able to get updates from LUA but my Client is not getting them properly from SEPM.  SEP on LUA shows three components: Antivirus and Antispyware protection, Proactive threat protection, Network threat protection. Everything is ok but the Antivirus and antispyware protection is not uptodate.

    May be because there are no updates available in SEPM.

    Also i found that when i checked my LUA activity monitor. IT shows download is running but i found most of the files skkiped while download.

    Can you help me with this?


  • 5.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 14, 2009 07:17 AM
    The above mentioned Steps that i mentioned configures SEPM to reteive updats from LUA and not the clients. 



  • 6.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 14, 2009 07:50 AM
     That part i've already configured and is working fine. 

    I've a problem that, since i've deployed SEP client on LUA from SEPM, the SEP client installed on LUA is blocking SEPM server. I;m unable to Ping LUA server ffrom any machine until i disable Network Threat Protection.

    I am unable to unblock it..... From where can i do this!!



  • 7.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 14, 2009 12:32 PM
    So the the NTP firewall is blocking the traffic.
    I guess your LUA would be on the default port 8080 
    So configure firewall rule in SEPM to allow that in firewall.
    Or check the traffic log on the lient and check what traffic it is blocking and ...create a rule to allow that traffic.


  • 8.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 14, 2009 10:01 PM

    FIREWALL Policy


    Yeah NTP is blocking i've checked the log file of NTP on Client machine can u please tell me how can i configure the firwall rule......
    I went through the firewall rules in SEPM >Clients> Firewall Policy but could not find how to do it.... 






  • 9.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 14, 2009 11:57 PM
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100512163348

    Follow the doc. and in the same way add exception for port 8080 as well.


  • 10.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 16, 2009 02:52 AM
     

    Manual Update Method



    Can we download Updates manually for Live Update Server as Download is very slow. Actually i've tried downloading updates on LUA but it failed after 70%., and there is no method to re-execute that schedule from 70%. If there is some way pls let me know. My LUA fails everytime.

    If i can download these product updates on some other machine directly from Symantec site. And simply copy them to TempDownload folder of LUA or to Default Settings\All Users\Application Data......... path i.e. the Managed folder.

    But again how will LUA will get to know about these updates So that it can Distribute and send them to clu-prod Directory..... 



  • 11.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 16, 2009 03:30 AM
    Hi,

    nobody is asking you how your network is big to give you the proper best practices.
    do you have few big sites (>1000 clients per site) or a lot of small sites (few hundreds of clients per site)?
    In the first case your SEP+LUA architecture is good.
    In the second case you can install one only SEPM and some GUP's (Group Update Provider) to update your remote sites, this is reliable and easier to set up and mantain.


  • 12.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 16, 2009 04:51 AM
    Hi Giuseppe.Axia

    Yes I have 77 small sites with 25 clients at each site in different geographical region each one is connected to Central Location. I can think of Three Scenerios....

    1st. installing LUA at Central location as this is the only site with Internet Access via Proxy. All other Sites having their own SEPM, will get update from this Internal LUA server only. I'll also install SEPM and SEP client on this machine so as to protect it from Attacks.

    2nd. Install SEPM on this server get updates from Symantec server and send them to 77 Sites, these site also have there own SEPM which will update their local clients. 

    3rd. As you said i can install SEPM at centre and install clients to all other locations and configure GUP for each site.

    My concern is which one will be better. 

    Do I really need to have LUA. What are the drawback in short.

    Right now i have configured LUA. But it is taking so much of time and finally fails to download. Download content is around 860MB. Quite big
     


  • 13.  RE: Installing LiveUpdate Server for SEPM
    Best Answer

    Posted Jun 16, 2009 09:22 AM
    Here's my opinions:

    - for sure you cannot install 77 (or 50, or 10...) SEPM... you will burn your brain to manage them and they will not work at all. For 2000 clients, one SEPM  works fine, it very depends on the connections you have...

    - with one only SEPM you don't need LUA at all

    - therefore, you have to use the GUP

    Enjoy this:
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009012721190648

    Our Support is avaible in case you need to better tune your SEPM.

    Don't forget to mark as a solution the most useful post for you.

    Cheers,





  • 14.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 16, 2009 12:02 PM

    Need some more Suggestion



     But I want to control my update sent to my clients. AS some of them may create problem to my Application. Can you also provide me the list of Products and their contents.

    What I've chosen are:

    Symantec Endpoint Protection 11.0 (English)
    Live Update Technologies.
    Symantec Network Access Protection (English) 

    Components:

    Behaviour Crimeware, Firewall Policies, Antivirus definitions, Other software

    Also I wanna control Each site locally. I only want to update them from my central location. 

    Is it possible?


  • 15.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 17, 2009 02:58 AM
    > But I want to control my update sent to my clients. AS some of them may create problem to my Application.
    You can deeply control the definitions deployment only with LUA. Two ways:
    1) half control: LUA downloads from our server when you want, SEPM from LUA when you want, SEP clients from SEPM as soon as possible (it depends if you are in pull or push mode).
    2) full control: LUA downloads from our server when you want, SEPM and SEP only from LUA when you want.

    > Can you also provide me the list of Products and their contents.
    You should know better than me the list of products you want install and use... just select the name of the products in the LUA. It is not tricky. Eventually explain me better what you mean.

    > Also I wanna control Each site locally.
    Not clear. Do you want to control 77 (or just 50, or just more than two...) SEPM? Do you have a skilled IT administrator on each site? How are you picturing to synchronize their settings and policies? We are giving you a fantastic console, with a high flexibility and the ability to manage thousands of clients from one only place. You can also create multiple accounts to log on in the console, also remotely. Probably you don't know this product very well yet. If you have network performance issue just move to the pull mode with a proper heartbeat.

    > Is it possible?
    Yes, you can still shoot at the butterfly with the cannon.



  • 16.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 17, 2009 07:58 AM
    Hi praveen
    try to understand what vikram is stating in his comment


  • 17.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 17, 2009 08:12 AM


    Yes I want to control each site locally from their SEPM, and only want thier SEPM to get update from Central Location SERVER. 

    My all site Engineers will manage SEPM and their clients from their site only. 

    I have suggested my Head for GUP but he wants what i'm explaining you above....

    They want all clients to be managed by their Regional SEPM only. 

    But as the document suggest that you provided we should have least no of SEPM. But if we don't want replication can we go for 77 SEPM(s).





  • 18.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 17, 2009 02:34 PM
    Yes, you can install 77 autonomus SEPMs but what are the advantages? Don't you like the full view and control of your organization?
    Are you planning to train 154 persons (you need one back up person per site as well) to manage SEPM? Do you have good servers in so small sites? It seems a reach company, do you need a SEPM expert?
    Do you know how flexible is the SEPM? You can create groups, domains of control and limited administrator accounts. It means you can "split" the control of one SEPM between your IT engineers. They can access remotely to the console just with the URL http://your_central_server:9090. If you have to add a firewall rules to all clients you can do it with few clicks instead of copy and paste the policies.
    I am surprised you don't like such powerful features and you are going to install 77 SEPM without any real benefit but just because an unskilled boss has a fixed idea in mind.





  • 19.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 19, 2009 12:27 AM
     Thanks Giuseppe.Axia

    I've configured my LUA and /sepm successfully... and i'm able to retrieve updates....


    Only the problem i'm facing is that All my clients are showing PTP off and waiting for updates although they are upto date.I'm still pondering why is it happening......


  • 20.  RE: Installing LiveUpdate Server for SEPM

    Posted Jun 19, 2009 04:14 AM
    If you have a new issue it is better for you to open a new discussion to better catch the community attention on the new issue.


  • 21.  RE: Installing LiveUpdate Server for SEPM