Endpoint Protection

  • 1.  What am I missing????

    Posted Sep 25, 2009 09:37 AM
    We have about 50 sales centers across the country with anywhere from 1-3 computers in each, totalling maybe 100 computers with SEP 11.0.4202.75 running on them. They are configured to pull updates from a GUP that is located in our Co-lo in California. The problem is that the majority of these sites only have a 256k circuit and we monitor the connectivity to their routers with WhatsUp Gold... for some reason there is seriously bad ping latency when they would pull updates from the GUP. It would throw alerts at us that the site was down when the latency would hover around 3,000ms! Granted, the computers were very close to maxing out the bandwidth available at the sites but we've never seen these alerts when copying large files before.

    I created a test group in the SEPM console and moved all of the sales center computers to it and attached a LU policy that would pull updates from the management server instead of a GUP. The computers started pulling updates at the same speed (around 29KBps) as before but now the latency is not an issue (only goes over 1,000ms a handful of times during a 30 second ping test) and the alerts have stopped.

    What is the difference between pulling updates directly from the management server and from a GUP that it could cause these latency problems? 


  • 2.  RE: What am I missing????

    Posted Sep 25, 2009 09:52 AM
    If you want to do a GUP you may want to look at RU5. One of the enhancements to the GUP there is the ability to throttle its bandwidth. If you did that upgrade it may solve your problems.

    Other than that my guess is that the GUP has to pull a full definition set down when it updates for both 32 and 64 bit and the clients can pull microdefs which are much smaller.


  • 3.  RE: What am I missing????

    Posted Sep 25, 2009 10:01 AM

    What is the difference between pulling updates directly from the management server and from a GUP that it could cause these latency problems? 

    When a client takes an update from SEPM, a lot of WAN traffic (in case of multiple sites) is used. The client comes to the SEPM over the WAN to take the update.
    In case of a GUP, a local computer at the local site is assigned as a GUP. It takes the update from SEPM and gives it to the clients, so the clients do not have to come to SEPM to take the update as the same is given to them locally, thus saving a lot of bandwidth.


    Title: 'Symantec Endpoint Protection 11.0 Group Update Provider (GUP)'
    Document ID: 2007092720522748
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007092720522748?Open&seg=ent



    Title: 'Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP).'
    Document ID: 2009050510573148
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009050510573148?Open&seg=ent

     



  • 4.  RE: What am I missing????

    Posted Sep 25, 2009 10:22 AM
     Rick, what is RU5? I thought we were already running the latest version of SEP. I don't believe it's a file size issue since the clients pull the updates at the same speed whether from the GUP or from the management server...it's just when pulling from a GUP that the latency is horrible at the site that's pulling updates.


  • 5.  RE: What am I missing????

    Posted Sep 25, 2009 10:22 AM
     Prachand. I understand how GUPs work but I can't have a GUP at each site...that's just unrealistic. All sites have to pull updates over the WAN, I just can't figure out why there would be that big of a difference whether pulling from GUP or the management server.


  • 6.  RE: What am I missing????

    Posted Sep 25, 2009 10:31 AM
    RU is the new version of SEP. In other words, it is SEP MR5. It was released on 21 Sep, 2009.


    Title: 'Nomenclature change for Symantec Endpoint Protection releases'
    Document ID: 2009090413313448
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009090413313448?Open&seg=ent