Endpoint Protection

Hi All,

I just have some queries regarding GUP configuration.

I have seen documents that a GUP can support up to 10000 clients. However want to know the realistic count for an infrastructure. Here are my queries:

How many clients can a GUP support in a realistic way in order to have an optimum utilization & to ensure the clients download definitions without any issue?

How much space is required for Disk cache size allowed for downloading updates need to be configured in order to have 30 content updates or any suggested disk space allocation?

If we install SEP in D Drive - can we still configure that server as GUP?

If the GUP server has v12.1.2, SEPM is running with v12.1.5 & clients are running with v12.1.2, v12.1.3, v12.1.4 & v12.1.5 - can it still be able to distribute definition to all versions?

Now regarding LUA - While configure SEP version we have v12.1 RU2 & v12.1 RU5. When we configure v12.1 RU2, RU5 clients are unable to receive definitions from LUA. However while configuring v12.1 RU5, the clients are able to update definitions. If we configure both RU2 & RU5, RU2 download task fails. Hence If we configure RU5 ONLY, can RU2 clients update RU5's definition / is it compatible?

Thanks

10k is a realistic count assuming you have a dedicated GUP to do it.

What version of SEP? 12.1.6 has new content midifications which require less disk space on the client

Yes, if installed on D: it would work fine because there are some components that are still installed on C:. This is hard-coded and cannot be changed.

Yes, will work fine although it's recommended to be on the same version across the board.

Yes, should work fine. Are you getting any errors?

1) A GUP can serve 10000 clients provided that it has the required resources such as memory, CPU, bandwidth. Also, the clients need to be configured with suitable heartbeat interval and download randomization (in SEPM) to be able to evenly download the updates. Also, the SEPM should keep enough number of previous definitions to facilitate the differential updates so that the GUP can efficiently serve more clients with smaller updates. The frequency at whcih the SEPM downloads the new definition aslo contributes to this factor.

Practically, I would suggest having more than 3 GUPs for 10000 clients.

2) In a network where the clients are set to download the latest definitions as and when they are available, the GUP need not store definition older than 2 days, because the GUP doesn't have the capablity to merge or create differential updated. It is just a proxy and acts as a medium which avoids downloading of same file more than once. Hence it is enough to have a maximum of 2 days.

For SEPM12.1 RU4 and earlier: Note that in SEPM we keep definition by "number of revisions" and in GUP it is by "number of days". Symantec releases 3 definitions per day. 1 definition set might occupy 1.5 GB (actually a little lesser than that) of cache on GUP. So, if you have set the SEPM to download all the definition that are released on a day, then the GUP cahce must be large enough to hold 6 definition sets, which is approx 9 GB.

For SEPM12.1 RU5 and later: The content distribution technology has been changed in the newer versions of SEPM. Thus the space required for the storage of definitions on the SEPM and the GUP are considerably reduced. Hence 2 to 3 GB of cache is sufficient.

3 & 4) Brian already answered them.

Thanks Guys...

For SEPM12.1 RU4 and earlier: Note that in SEPM we keep definition by "number of revisions" and in GUP it is by "number of days". Symantec releases 3 definitions per day. 1 definition set might occupy 1.5 GB (actually a little lesser than that) of cache on GUP. So, if you have set the SEPM to download all the definition that are released on a day, then the GUP cahce must be large enough to hold 6 definition sets, which is approx 9 GB.

For SEPM12.1 RU5 and later: The content distribution technology has been changed in the newer versions of SEPM. Thus the space required for the storage of definitions on the SEPM and the GUP are considerably reduced. Hence 2 to 3 GB of cache is sufficient.

I don't think the change in content storage since 12.1.5 has an impact on GUP cache size. Well explained  by SMLatCST here:

http://www.symantec.com/connect/forums/gup-space#comment-10507691

The default value of about 2,000 MB (12.1.6) should be sufficient for the time being. Worst case in a GUP cache are  2 AV/AS full definitions (about 650 MB each) plus lots of delta files which don't consume much space.

Brian / Seyad

Planning for 500 devices approx per GUP(Single GUP).

Two more question

Suppose we are using both GUP & LUA together. As per LU schedule it will download from the LUA however during heartbeat interval, will it still download definitions from GUP?

How much can I configure for maximum number of simultaneous downloads to clients?

Yea it would use both. I would suggest either going with a LUA or GUP but not both.

This can be configured within the GUP policy.

Difference between a SEP GUP v/s LiveUpdate Administrator

Hi Shiva,

From My experience if you have 10K machines then 2 or more GUP behind a Load Balancer would be the best choice. GUPs with 2-4 GB cacahe and 50-100 concurrent connections will serve the purpose.

As Brian said try not to use both, However you can have it configured as a backup route to get clients updated in case of outdated issues. The LUA method has more of an impossing manner in updating the definitions. Scenarios where the signature updates is stuck on old dates, or the defs getting curropted.

For LUA with both RU2 & RU5:

1. If you have selected both the product in a single download task then have it split and change the timing.
2. If seperate then have it configured in a single task
3. Upgrade the LUA if the latest version is not used. Not just for this issues but it does has good fixes even on the HTTPs distribution point area.

The link below would give info on what components needs to be selected. The will help is using only the required space.

http://www.symantec.com/docs/TECH139618