Hello,
Explicit Group Update Providers
You can configure an explicit list of Group Update Providers that clients can use to connect to Group Update Providers that are on subnets other than the client's subnet. Clients that change location frequently can then roam to the closest Group Update Provider on the list.
An explicit Group Update Providers list does not turn clients into Group Update Providers. You use an explicit Group Update Provider list to map the client subnet network addresses to the Group Update Providers. You identify the Group Update Providers by any of following means:
-
IP address
-
Host name
-
Subnet
Explicit Group Update Providers can be static or dynamic, depending on how you configure them. If you use an IP address or a host name to configure an explicit Group Update Provider, then it is a static Group Update Provider. This difference affects how Group Update Providers act in networks that mix legacy version clients and managers with clients and managers from the current release.
If you use a subnet to designate a Group Update Provider, it is dynamic, as clients search for a Group Update Provider on that subnet.
Multiple Group Update Providers
Multiple Group Update Providers use a set of rules, or criteria, to elect themselves to serve groups of clients in their own subnets. To configure multiple Group Update Providers, you specify the criteria that client computers must meet to qualify as a Group Update Provider. You can use a host name or IP address, registry keys, or operating system as criteria. If a client computer meets the criteria, the Symantec Endpoint Protection Manager adds the client to a global list of Group Update Providers. Symantec Endpoint Protection Manager then makes the global list available to all the clients in the network. Clients check the list and choose the Group Update Providers that are located in their own subnet. Multiple Group Update Providers are dynamic Group Update Providers.
Use multiple Group Update Providers when your network includes any of the following scenarios:
-
The client computers on your network are not legacy clients.
Multiple Group Update Providers are supported on the computers that run Symantec Endpoint Protection 11.0.5 (RU5) software or a later version. You cannot use multiple Group Update Providers with the legacy clients that run versions of Symantec Endpoint Protection earlier than 11.0.5 (RU5). Legacy clients cannot get content from multiple Group Update Providers. A legacy client cannot be designated as a Group Update Provider even if it meets the criteria for multiple Group Update Providers.
You can create a separate LiveUpdate Settings policy and configure a single, static Group Update Provider for a group of legacy clients.
-
You have multiple groups and want to use different Group Update Providers for each group
You can use one policy that specifies rules for the election of multiple Group Update Providers. If clients change locations, you do not have to update the LiveUpdate Settings policy. The Symantec Endpoint Protection Manager combines multiple Group Update Providers across sites and domains. It makes the list available to all clients in all groups in your network.
Reference:
About the types of Group Update Providers
http://www.symantec.com/docs/HOWTO80957
Symantec Endpoint Protection (SEP) Group Update Providers (GUPs) Selection Examples
http://www.symantec.com/docs/TECH198702
Understanding "Explicit Group Update Providers (GUPs) for Roaming Clients" in Symantec Endpoint Protection (SEP) 12.1.2
http://www.symantec.com/docs/TECH198640
There is a tool I created to help you build a LiveUpdate policy with multiple explicit GUPS. Check out this page for details on the tool:
Generate LiveUpdate Policies that have many GUP Subnets
https://www-secure.symantec.com/connect/downloads/generate-liveupdate-policies-have-many-gup-subnets
Hope that helps!!