Endpoint Protection

Hi All,

I have applied Live Update policy as:

  1. Using "Use the Default management server">>Group Update Provider>>Single Group Update Provider.

  2. "Maximum time that clients try to download updates from a Group Update Provider before trying the default management server: is set to Never".

Let say a client comes online after 30 days, & we have kept the no. of content revision as 60, which would roughly equals to 3 weeks. So, in that case, I guess, My GUP won't be able to provide update to this machine as it would be having deltas upto 3 weeks only. And as I have chose - "Maximum time that clients try to download updates from a Group Update Provider before trying the default management server: is set to Never"., then in this situation it won't go to my SEPM also. Please correct me, if I am wrong.

So, would the client would be left outdated?????

Yes but what you want to do is create another location for OFF NETWORK for exasmple. Assign a LiveUpdate policy that forces the client to out to symantec LU and get updates while not connected to your internal network.

Hi Brian,

Thanks for your reply. I want to know, if this machine comes online after 30 days & my GUP as well as SEPM is not able to provide updates according to the policy configured. Then, it won't be able to take updates, right?

Also, let me know, how could I configure this OFF NETWORK policy.

In your above scenario, the client will still update via the GUP, but it will grab the full def package instead of a delta.

The crux is in the understanding of what a GUP does.  The GUP is not a local repository holding historical defs for whatever clients happen to need.  It is a proxy cache for defs coming from the SEPM.

Hi SMLatCST,
 

Thanks for replying. Yes, I agree the client will grab the full def package instead of a delta.But, let say he GUP is having defs upto 20 days only & the client is outdated from last 30 days, then???? would it be able to get updates from GUP?

Yea it won't get updates if offline for that long and you do not have another location/policy to grab updates from Symantec. It will pull down a full package from the GUP when it comes back on.

You need to use location awareness to create multiple locations with different policies assigned:

Best Practices for Symantec Endpoint Protection Location Awareness

No, your client won't be left outdated.

Your client will always communicate with its SEPM. The "Never" setting you mentioned only means that the client does not download the content from the SEPM but from the GUP.

In your case the client will talk with its SEPM and determine that the SEPM is not able to deliver delta files. So the client will request a full content file (about 550 MB). This file will be downloaded by the GUP from the SEPM and then by all clients that need it from the GUP.

However, in the current version of SEP (12.1.6 and above) it's possible to globally forbid full downloads, but that seems to be something for troubleshooting. And it's possible for the clients to download delta files from the internet if the SEPM is only able to deliver full contents.
 

Essentially the process of updating via a GUP goes like this:

1. Client checks into SEPM
2. SEPM tells client what file to download to udpate to latest defs
3. Client asks GUP for file
4. GUP grabs file from SEPM
5. Client gets file from GUP

In acting as a proxy cache, the update process is able to skip step 3 if mroe than one client asks for the same file, and this is how the GUP helps minimise network load.

It has no benefit if every client machine asks for a different file (delta).

It acts the same regardless of if the file is a delta or a full def file.

Brian is talking about Location Awareness when he mentions the Out of Office policy.  More info on that below:

http://www.symantec.com/docs/TECH98211
http://www.symantec.com/docs/TECH97369
 

The GUP doesn't keep "Revisions" based on the setting "No of revisions to keep" that is set in the SEPM. The GUP only keep Full or delta definition "Files" for certain number of days (2 by default) based on the setting "Delete files that are unused for X days" that is available in the GUP settings of the liveupdate policy.

SEP clients that are set to download the latest definitions as and when they are available will be directed by the SEPM to download either the latest delta (which is the difference between the definition on the client and the latest definition available on the SEPM) OR the Full definition. In cases where the SEPM directs the client to download the delta, the client will go and ask the GUP of that exact file that the SEPM to;d the client to download. The GUP will check if that file is already in the cache (which is possible if the same file was requested by another client previously on the same day). If the file exist in the cache, the file will be given to the GUP. If NOT, the GUP will contact the SEPM to download that file and then will give iot to the client. Note that the GUP cannot create the this file by merging the different delta files that oit already had.

GUP doesn't have the capability to create or merge existing definitions (on the cacche) to create new definition that are requested by the clients. For example, if the GUP already has 2 different definitions, say delta(X-Y) and delta(Y-Z) and if a client requests the GUP for delta(X-Z), the GUP can Neither merge the delta(X-Y) and delta(Y-Z) to create delta(X-Z) Nor send the delta(X-Y) and delta(Y-Z) to the client as a response. On such requests, the GUP will contact the SEPM and download delta(X-Z) from the SEPM and then will give it to the client.

It is the SEPM which decides whether a client should take delta definition or FULL definition. NOT the GUP OR the client.

For your Question of "Whether the client will get definition after 20 days or not?", the answer is YES, IT WILL. For the given condition, the SEPM will not be able to create a delta definiton (which, in any case has to be given to client via GUP). Hence it will direct the client to download the latest FULL defninition from the GUP. The client will hence download the FULL definitnion from the GUP today and will start to download the delta definitions from the next updates.