Endpoint Protection

I have a customer with about 50 computers.  I am in the process of setting up a new Windows server (Windows Server 2008 R2 (64 bit)) onto which have downloaded and installed the Endpoint Management v11.x software using the default configuration.  I removed a "typical" client computer from my customers environment for a couple of days to test the server and was able to deploy the new software to the client successfully.  So, now comes my question:

Before I put the new server into production, I want to be confident that the client software will be updated correctly.  I want to minimize the bandwidth impact on the site by having a centralized repository of software updates accessable within the site.  I certainly don't want 50 computers all pulling their updates from the Internet at the same time!  That would be pretty ugly.  Anyway, my thought was to set up a LiveUpdate server and let the clients pull their updates from that system.  So, I downloaded LiveUpdate Administrator and installed it on the same server running the rest of the EndPoint Protection software. Over the past few weeks, I've been struggling with LiveUpdate Administrator. I've set up an update job to run in the wee hours of the morning but it always fails part way through the job.  The job only contains the EndPoint Protection product, minus the Macintosh subparts since my customer doesn't have Macintosh computers on site, but I have noticed that several of the component parts download properly while a few fail with the message of "Corrupt".  The same thing happens when I run the job manually.  So, I'm beginning to question if there isn't a better way to handle these updates - maybe I'm making this too difficult.  If anyone out there who is more knowledgeable about this issue has a better idea - I certainly would benefit from hearing about it.  I really need to get this new server into production and I really don't want to try to fix a lot of issues after it is in place.  I want to thank everyone in advance for any suggestions they can provide.

yes you are making it complicated..

install sepm

sepm will download defs and distribute it to clients.

dont install luadmin on the same server as sepm, as both will download and its waste of space.you dont have any mac clients too, so there is no use of luadmin

once installed clients will pull it from sepm with default

if you want to change

go to sepm

open policies.

liveupdate policy, check to user sepm or go to external Live update.

I agree with what Rafeeq is saying. You are probably putting too much thought into the process. I manage over 400 clients with one SEPM through a 10 meg internet pipe. The SEPM will download the definition set for the day and then begin to distribute it throughout the day. Furthermore, if your clients are all pretty recent, and you have your SEPM configured properly even if all 50 devices attempted to pull from the internet instead of the SEPM at the same time, they would most likely pull less then 400 kb per client per day in delta updates. According to my calculations thats about 13-15 megabytes.

Right now, I am looking at my SEPM's CDM and there have been 748 delta files pulled from the SEPM that accounts for only 228.4 megabytes. 50 clients is pretty negligible as far as bandwidth usage goes unless they are pulling full vdefs every day for some reason.

Ditto what they all said.  Make sure in the LiveUpdate policy that is applied to the group that all these clients reside in, that it is set for 'Use the default management server'

that's all.

Hi Jim.

The LUA 2.x issue that you mention is most likely a known one.  This KB describes the one I am thinking of:

Intermittent "Package is not trusted" errors for various product update files during LiveUpdate Administrator 2.x download phase (http://www.symantec.com/docs/TECH141217)

LUA 2.3, which is expected to be released next month, will contain improvements in code to help eliminate those errors and the resulting "corrupt" files.

Also see: Best Practices for LiveUpdate Administrator (LUA) 2.x (http://www.symantec.com/docs/TECH93409)

Please note: LiveUpdate Administrator 2.x can be of great assistance in environments which host a mixture of Symantec products (SEP, SAV, SMSMSE, and Scan Engine, for example).  In environments where SEP is the only Symantec product that must be updated, a LUA 2.x server is usually not necessary.  The SEPM and GUPs can efficiently download and distribute all necessary updates without the need of LUA 2.x.  For more information please see Top 10 Symantec Best Practices - Deploying Symantec Endpoint Protection Architecture

Hope this helps!

Thanks and best regards,

Mick

Thank you all for the valuable suggestions!  I thought I was making it harder than it had to be. I will uninstall LiveUpdate Administrator and check each of the items mentioned in the comments.

Thanks again for your suggestions!