Hi,
Distributing content using Group Update Providers
A Group Update Provider is a client computer that you designate to locally distribute content updates to clients. A Group Update Provider downloads content updates from the management server and distributes the updates to clients. A Group Update Provider helps you conserve bandwidth by offloading processing power from the server to the Group Update Provider. A Group Update Provider is ideal for delivering content updates to clients that have limited network access to the server. You can use a Group Update Provider to conserve bandwidth to clients in a remote location over a slow link.
Managing Group Update Providers
Step 1: Verify client communication - Before you configure Group Update Providers, verify that the clients can receive content updates from the server. Resolve any client-server communication problems. You can view client-server activity in the System logs.
Step 2: Configure Group Update Providers - You configure Group Update Providers by specifying settings in the LiveUpdate Settings Policy. You can configure a single Group Update Provider or multiple Group Update Providers.
Step 3: Assign the LiveUpdate Settings Policy to groups - You assign the LiveUpdate Settings Policy to the groups that use the Group Update Providers. You also assign the policy to the group in which the Group Update Provider resides. For a single Group Update Provider, you assign one LiveUpdate Settings Policy per group per site. For multiple Group Update Providers, you assign one LiveUpdate Settings Policy to multiple groups across subnets.
Step 4: Verify that clients are designated as Group Update Providers - You can view the client computers that are designated as Group Update Providers. You can search client computers to view a list of Group Update Providers. A client computer's properties also show whether or not it is a Group Update Provider.
About the types of Group Update Providers
You can configure two types of Group Update Providers: a single Group Update Provider or multiple Group Update Providers:
Single Group Update Provider: A single Group Update Provider is a dedicated client computer that provides content for one or more groups of clients. A single Group Update Provider can be a client computer in any group. To configure a single Group Update Provider, you specify the IP address or host name of the client computer that you want to designate as the Group Update Provider.
Multiple Group Update Provider: Multiple Group Update Providers use a set of rules, or criteria, to elect themselves to serve groups of clients across subnets. To configure multiple Group Update Providers, you specify the criteria that client computers must meet to qualify as a Group Update Provider. If a client computer meets the criteria, the Symantec Endpoint Protection Manager adds the client to its list of Group Update Providers. Symantec Endpoint Protection Manager then makes the list available to all the clients in your network. Clients check the list and choose the Group Update Provider that is located in their subnet. You can also configure a single, dedicated Group Update Provider to distribute content to clients when the local Group Update Provider is not available.
You use a LiveUpdate Settings Policy to configure the type of Group Update Provider. The type you configure depends on how your network is set up and whether or not your network includes legacy clients.
Note: The Group Update Provider does not proxy op-states, events, commands, command status, or profiles between the server and the clients.
When to use a particular Group Update Provider type:
Single:
Use a single Group Update Provider when your network includes any of the following scenarios:
Your network includes legacy clients
Legacy clients can get content from a single Group Update Provider; legacy clients can also be designated as a Group Update Provider. Legacy clients do not support multiple Group Update Providers.
You want to use the same Group Update Provider for all your client computers
You can use a single LiveUpdate Content Settings Policy to specify a static IP address or host name for a single Group Update Provider. However, if clients change locations, you must change the IP address in the policy. If you want to use different Group Update Providers in different groups, you must create a separate LiveUpdate Settings Policy for each group.
Multiple:
Use multiple Group Update Providers when your network includes any of the following scenarios:
You run the latest client software on the computers in your network
Multiple Group Update Providers are supported on the computers that run the latest client software. Multiple Group Update Providers are not supported by legacy clients. Legacy clients cannot get content from multiple Group Update Providers. Legacy clients cannot be designated as a Group Update Provider even if they meet the criteria for multiple Group Update Providers. You can create a separate LiveUpdate Settings Policy and configure a single, static Group Update Provider for a group of legacy clients.
You have multiple groups and want to use different Group Update Providers for each group
You can use one policy that specifies rules for the election of multiple Group Update Providers. If clients change locations, you do not have to update the LiveUpdate Settings Policy. The Symantec Endpoint Protection Manager combines multiple Group Update Providers across sites and domains. It makes the list available to all clients in all groups in your network.
Multiple Group Update Providers can function as a failover mechanism. Multiple Group Update Providers ensure a higher probability that at least one Group Update Provider is available in each subnet.
About configuring rules for multiple Group Update Providers
Multiple Group Update Providers use rules to determine which client computers act as a Group Update Provider.
Rules are structured as follows:
Rule sets
A rule set includes the rules that a client must match to act as a Group Update Provider.
Rules
Rules can specify IP addresses, host names, client registry keys, or client operating systems. You can include one of each rule type in a rule set.
Rule conditions
A rule specifies a condition that a client must match to act as a Group Update Provider. If a rule specifies a condition with multiple values, the client must match one of the values.
Rule types
IP address or host name - This rule specifies client IP addresses or host names.
Registry keys - This rule specifies client registry keys.
Operating system - This rule specifies client operating systems.
Rules are matched based on the logical OR and AND operators as follows:
Multiple rule sets are OR'ed. A client must match one rule set.
Multiple rules are AND'ed. A client must match all the rules that are specified in a rule set.
Multiple values for a rule condition are OR'ed. A client must match one value. For example, you might create RuleSet1 that includes an IP address rule with several IP addresses. You then create RuleSet2 that includes a host name rule and an operating system rule each with multiple values. A client computer must match either RuleSet1 or RuleSet2. A client matches RuleSet1 if it matches any one of the IP addresses. A client matches RuleSet2 if it matches any one of the host names and any of the operating systems.
Configuring a Group Update Provider
You configure a Group Update Provider by specifying settings in the LiveUpdate Settings Policy.
You can configure the LiveUpdate Settings Policy so that clients only get updates from the Group Update Provider and never from the server. You can specify when clients must bypass the Group Update Provider. You can configure settings for downloading and storing content updates on the Group Update Provider computer.
You can also configure the type of Group Update Provider.
Note: If the Group Update Provider runs a non-Symantec firewall, you might need to modify the firewall to permit the TCP port to receive server communications. By default, the Symantec Firewall Policy is configured correctly.
To configure a Group Update Provider
In the console, click Policies.
Under View Policies, click LiveUpdate.
In the LiveUpdate Policies pane, on the LiveUpdate Settings tab, select the policy to edit.
In the Tasks pane, click Edit the Policy.
In the LiveUpdate Policy window, click Server Settings.
On the Server Settings page, under Internal or External LiveUpdate Server, check Use the default management server (recommended). Do not check Use a LiveUpdate server. The Group Update Provider that you configure acts as the default LiveUpdate server.
Under Group Update Provider, check Use the Group Update Provider.
Click Group Update Provider.
In the Group Update Provider dialog box, configure the type of Group Update Provider. (Note: Legacy clients can only use a single Group Update Provider. Legacy clients do not support multiple Group Update Providers.)
In the Group Update Provider dialog box, configure the options to control how content is downloaded and stored on the Group Update Provider computer. Click Help for information about content downloads.
Click OK.
Configuring a single Group Update Provider
You can configure only one single Group Update Provider per LiveUpdate Settings Policy per group. To create a single Group Update Provider for multiple sites, you must create one group per site, and one LiveUpdate Settings Policy per site.
To configure a single Group Update Provider
Follow the steps to configure a Group Update Provider.
In the Group Update Provider dialog box, under Group Update Provider Selection for Client, check Single Group Update Provider IP address or host name.
In the Single Group Update Provider IP address or host name box, type the IP address or host name of the client computer that acts as the single Group Update Provider.
Click Help for information about the IP address or host name.
Configuring multiple Group Update Providers
You can configure multiple Group Update Providers by specifying criteria in a LiveUpdate Settings Policy. Clients use the criteria to determine if they qualify to act as a Group Update Provider.
To configure multiple Group Update Providers
Follow the steps to configure a Group Update Provider.
In the Group Update Provider dialog box, under Group Update Provider Selection for Client, check Multiple Group Update Providers.
Click Configure Group Update Provider List.
In the Group Update Provider List dialog box, select the tree node Group Update Provider.
Click Add to add a rule set.
In the Specify Group Update Provider Rule Criteria dialog box, in the Check drop-down list, select one of the following:
Computer IP Address/Host Name
Registry Keys
Operating System
If you selected Computer IP Address/Host Name or Registry Keys, click Add.
Type or select the IP address, registry key, or operating system information. Click Help for information on configuring rules.
Click OK until you return to the Group Update Provider dialog box.
In the Group Update Provider List dialog box, optionally add more rule sets.
Type a Group Update Provider IP address or host name in the Specify the host name or IP address of a Group Update Provider on a different subnet to be used, if Group Update Providers on the local subnet are unavailable text box.
Click OK.
Searching for the clients that act as Group Update Providers
You can verify that clients are available as Group Update Providers. You can view a list of Group Update Providers by searching for them on the Clients tab.
Note: You can also check a client's properties. The properties include a field that indicates whether or not the client is a Group Update Provider.
To search for the clients that act as Group Update Providers
In the console, click Clients.
On the Clients page, on the Clients tab, in the View box, select Client status.
In the Tasks pane, click Search Clients.
In the Find box, select Computers.
In the In Group box, specify the group name.
Under Search Criteria, in the Search Field column, select Group Update Provider.
Under Search Criteria, in the Comparison Operator column, select =.
Under Search Criteria, in the Value column, select True. Click Help for information on the search criteria.
Click Search.
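
The rule matching described under "About configuring rules for multiple Group Update Providers" (rule sets OR'ed, rules AND'ed, values OR'ed), as an added example that is not part of the original post and not Symantec's code. It is a small Python model that audits an inventory to show which clients a rule set would let act as Group Update Providers; the rule-type names, hosts, addresses and data layout are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical model of the rule structure described above. This is not the
# SEPM policy format, only the OR / AND / OR matching semantics.
@dataclass
class Client:
    hostname: str
    ip: str
    os: str
    registry_keys: set = field(default_factory=set)

def rule_matches(rule_type, values, client):
    """Values inside one rule are OR'ed: one matching value is enough."""
    if rule_type == "ip_or_host":
        wanted = {v.lower() for v in values}
        return client.ip in wanted or client.hostname.lower() in wanted
    if rule_type == "registry_key":
        present = {k.lower() for k in client.registry_keys}
        return any(v.lower() in present for v in values)
    if rule_type == "os":
        return client.os.lower() in {v.lower() for v in values}
    raise ValueError(f"unknown rule type: {rule_type}")

def matching_rule_sets(rule_sets, client):
    """Return the names of the rule sets the client satisfies.
    Rules inside a set are AND'ed; the sets themselves are OR'ed."""
    matched = []
    for name, rules in rule_sets.items():
        if len(rules) != len({t for t, _ in rules}):
            raise ValueError(f"{name}: only one rule of each type per set")
        if rules and all(rule_matches(t, vals, client) for t, vals in rules):
            matched.append(name)
    return matched

# Constructed sample data mirroring the RuleSet1 / RuleSet2 example above.
RULE_SETS = {
    "RuleSet1": [("ip_or_host", ["192.0.2.10", "192.0.2.11", "198.51.100.5"])],
    "RuleSet2": [("ip_or_host", ["branch-fs01", "branch-fs02"]),
                 ("os", ["Windows Server 2008", "Windows Server 2003"])],
}
INVENTORY = [
    Client("hq-ws17", "192.0.2.11", "Windows XP"),
    Client("branch-fs01", "203.0.113.20", "Windows Server 2008"),
    Client("branch-fs02", "203.0.113.21", "Windows XP"),
    Client("lab-pc3", "203.0.113.99", "Windows Server 2003"),
]

def audit(rule_sets, inventory):
    """Map each host to the rule sets that would qualify it as a provider."""
    return {c.hostname: matching_rule_sets(rule_sets, c) for c in inventory}
```

Running audit(RULE_SETS, INVENTORY) before assigning the policy shows that branch-fs02 and lab-pc3 each satisfy only one of the two AND'ed rules in RuleSet2, so neither qualifies.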