Symantec Endpoint Protection (SEP) Group Update Providers (GUPs) Selection Examples

Article:TECH198702  |  Created: 2012-10-22  |  Updated: 2012-11-15  |  Article URL http://www.symantec.com/docs/TECH198702
Article Type
Technical Solution


Issue



As mentioned in TECH198640: "Understanding "Explicit Group Update Providers (GUPs) for Roaming Clients" in Symantec Endpoint Protection (SEP) 12.1.2", SEP 12.1.2 includes a new "Explicit Group Update Providers (GUPs) for Roaming Clients" feature.

 
This article provides example scenarios that describe which GUPs will be selected by the Client in the given environment, and whether the selection will be made as a result of the new "Explicit Group Update Providers (GUPs) for Roaming Clients" feature, or whether it will be the result of the current GUP selection logic.

Solution



 Scenario 1

 

  • Laptop in Amsterdam (Amsterdam Subnet 192.168.10.0)
  • IP Address: 192.168.10.1
  • Subnet Mask: 255.255.255.0
  • This laptop currently uses a local Amsterdam GUP with IP Address 192.168.10.200

 

If the user travels to Los Angeles or San Francisco, the plan is for the Client to use a North American GUP (in the 172.10.10.0 network). 

If it were configured like this (sort of following the "roaming clients" idea), the effect would be that the local GUP settings - that would still contain the local GUP - would take precedence.

  • "Client subnet 192.168.10.0 Map to Explicit GUP  172.10.10.200 (or any other in the 172.10.10.0 network)"

Result:

The Client would still use the Amsterdam GUP, if the user has not actually travelled yet.

 

 

GUP Selection logic

  • Single or multiple GUP within the Client's subnet will be used first. 
  • The local GUP will override the above mapping that might indicate that the Client would be using that North American GUP while it was actually still in Amsterdam.

 

 
Scenario 2
 
  • The user actually travels to Los Angeles,and will get a 172.10.x.x IP Address when connecting to the local LAN.
  • The North American GUP  172.10.10.200 is present and available.
  • The GUP the Client uses will be the one that it selects from the GUP list that the SEPM provides.
  • The North American GUP 172.10.10.200 should be on that list.

Result:

The Client will select The North American GUP 172.10.10.200 automatically (it would also be on the GUP list when the Client was back in Amsterdam, but would have been discarded it because there was a local GUP it could connect to)

The GUP selection will not be based on the "Client subnet 192.168.10.0 to Explicit GUP  172.10.10.200 mapping", because the Client won’t be on the 192.168.10.0 network anymore if it connects to the Los Angeles LAN.

 

GUP Selection logic

  • The Amsterdam Laptop has a North American dynamic IP address, so it will point to the North American GUP. This behavior is not new to SEP 12.1.2.

In this scenario, although the Client gets the desired local GUP while travelling, it is not because of the "Explicit GUP for Roaming Clients" configuration above.

 

Scenario 3

 

  • The user travels to New York
  • IP Address: 10.10.10.15
  • Subnet Mask: 255.255.255.0

The Client is configured to use a GUP, but:

 

  • There is no Local GUP Present in the New York Subnet
  • The GUPs with IP Address 192.168.10.200 and 172.10.10.200 will be disregarded from the gup list (because they are not in the local New York subnet)
  • No Explicit GUPs are mapped for the New York Subnet.

 

Result:

The Client will fail over to SEPM or LiveUpdate (if so configured)

GUP Selection logic:

  • There is no local GUP available to select
  • There is no Explicit GUP available to select
  • The Client falls back on configured options.

 

Scenario 4

 

  • The user travels from New York back to Amsterdam
  • The Client gets an IP Address in the 192.168.10.x range (Amsterdam network)
  • The Gup list will have GUPs 192.168.10.200 and 172.10.10.200

Result:

The Client will select GUP 192.168.10.200

 

GUP Selection logic: 

  • Single or multiple GUP within the client's subnet will be used first. 

 

 

 

Scenario 5 (Slight changes to the above Scenario 3)

 

  • User stays with the laptop in New York
  • IP Address: 10.10.10.15
  • Subnet Mask: 255.255.255.0

The Client is configured to use a GUP, but:

  • There is no Local GUP Present in the New York Subnet
  • Explicit GUPs are configured: "Client subnet 10.10.10.0 Map to Explicit GUP 192.168.10.200  (or any other in the Amsterdam 192.168.10.0 network)"
  • Gup list will have GUPs 192.168.10.200 and 172.10.10.200

Result:

Client selects Amsterdam GUP 192.168.10.200

 

GUP Selection logic: 

  • In this case The Explicit GUP option causes the Client to select the Amsterdam GUP.
  • This scenario is similar to the ones described in TECH198640: Understanding "Explicit Group Update Providers (GUPs) for Roaming Clients" in Symantec Endpoint Protection (SEP) 12.1.2

 

 

 

 

 

 

 

 





Article URL http://www.symantec.com/docs/TECH198702


Terms of use for this information are found in Legal Notices