Endpoint Protection

I am currently in the process of testing SEP 11.0. Our network topology is such that we have a slow link (864kbps) to each of 50 or so sites. Under our old configuration, we hosted SAV centrally and it pushed vdefs to all of the end point machines individually. In an effort to save bandwidth is it possible to setup perhaps a staging server at each one of the 50 sites that the client machines at each site could receive updates from instead of the central server? Each site has approximately 20 clients. 20 clients attempting to receive or be pushed to ends up being a lot of bandwidth and punishes the locations performance. 

You will want to set up GUP's for your remote
networks Take a look at the Group Update Provider KB.

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/cb487ea7138bf8d24925763f00708be0?OpenDocument

As thomas mentioned earlier you can Use GUPs it works like Secondary servers of SAV 10.x

GUP will be a normal client promoted to perform additional Role. It will download definitions from Central Management Server ( SEPM ) then it will distribute the definitions locally to the clients in its group.

The GUPS are your answer as mentioned above, twice.  But also make sure to keep more versions of the definitions on the GUPs as possible, this will save from a massive bandwidth spike when machines are off for an extended period of time.  I usually set my setting for around 15-20 revisions.  

Thanks for the help everyone.

I want to use the multiple group update provider option. Can anyone explain the example format to me (hostname option)?


Example: gup???server*

Also, will this mean that I have to maintain 50 policies for each one of my locations so that clients at all 50 locations know to receive their updates from the local GUP? Or is the system smart enough to search locally for the GUP on the current subnet so I can use a single policy to manage all 50 sites?

Check these 2 articles
https://www-secure.symantec.com/connect/articles/configuring-group-update-providers-symantec-endpoint-protection-110-ru5

https://www-secure.symantec.com/connect/articles/whats-new-group-update-providers-ru5-release-symantec-endpoint-protection-110

Excellent articles. I did not find the same info in the Administration guide. Perhaps I am still using and older release version.

Aniket Amdekar has some excellent videos as well:

https://www-secure.symantec.com/connect/videos/group-update-providers-part-1
https://www-secure.symantec.com/connect/videos/group-update-providers-part-2

I have successfully setup a test GUP. I can see that it is now functioning as a GUP based on the fact that the SharedUpdates folder is being populated by content. It is on a unique subnet along with one other workstation running SEP. As far as I can tell, the client machine is still using the SEP server as I have not seen a message in the system log for SEP stating "Start using Group Update Provider (proxy server) @ XXX.XXX.XXX:2967." Does anyone have any troubleshooting tips for me to try?

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009110311145748

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040113243148

hope these are helpful

Well I see the request was sent to the GUP. I am not sure if it was successful or not. Here are the results from the Sylink.log file I produced via the instructions posted above. Can I be assured that this particular SEP Client received the update from the GUP?