SEP SBE .Cloud: Local Update Hosts and their Implementation
|Article:TECH212347|||||Created: 2013-11-08|||||Updated: 2015-02-17|||||Article URL http://www.symantec.com/docs/TECH212347|
In environments where bandwidth is limited, it may be favorable to limit the number of machines which connect to the internet for updates in which case we recommend enabling Live Update Hosts (LUH). Clients defined as LUHs download virus definitions and software updates from the internet and redistribute them locally to the rest of the machines in their purview.
Network Topology Considerations
Make sure to consider network topology before implementing LUH configurations. We recommend configuring at least one LUH at every physical location to ensure that clients aren't crossing network segments attempting to contact LUHs at different locations.
Assigning Clients as Live Update Hosts
Once network topology has been considered and specific clients have been designated to serve as Live Update Hosts they will need to be defined as such in the Hosted Endpoint Portal and have the Local Update Host service installed, to do so:
- Log in to the Hosted Endpoint Portal.
- Navigate to the "Computers" tab.
- Find the client which should be designated as a LUH and click on the client name.
- This will open the "Computer Profile" entry for the client, click on the "Enable as Local Update Host" link.
- This will bring up a popup window asking to confirm the client should be enabled as an LUH, click "Continue."
- It will take a few minutes for the client to download the LUH components and apply settings. By refreshing the "Computer Profile" page a few minutes after applying the settings it should be possible to verify the client LUH status and confirm that it is online.
Local Update Host Policy Considerations
The default System Policy in the Hosted Endpoint Portal will direct clients to communicate with any available Local Update Host in the environment. It is possible for the network to be configured in such a way that using this setting will result in clients trying to connect to LUHs in different physical locations or on different network segments, increasing their bandwidth usage and defeating the purpose of implementing LUHs.
There are three different options available for LUH configuration in the System Policy:
- Connect to any available local update host(s) - clients will indiscriminately try to connect to any local update host they can reach on the network.
- Do not connect to any available local update host(s) - clients will all connect directly to the internet for updates.
- Specify the local update host(s) for this group - clients will connect to specific local update hosts depending on the group they are in.
In situations where there are client machines in multiple locations which should be limited to using specific LUHs, we recommend creating a group for each location and creating a System Policy for each group to define which particular LUHs should be used.
For instructions on creating groups and moving clients into them see TECH212340.
In order to create individual System Policies determining which LUHs are to be used by clients in a particular group and assign them use the following process:
- Log in to the Hosted Endpoint Portal.
- Navigate to the "Policies" tab.
- Click on "Default System Policy"
- In order to edit the policy click the "Save a Copy" link.
- Name the policy something unique so that it can be identified later and add a description (optional).
- Under the Local Update Service section, check "Specify the local update host(s) for this group."
- Highlight the local update host which should be assigned to the group (multiple can be selected simultaneously by holding control and clicking).
- Click add. The Local Update Host should now appear in the "Assigned local update host(s)" column on the right.
- Under "Groups," check the box for the group to which the policy should apply.
- Click "Save & Apply"
This process will need to be repeated for each group in the environment.
Article URL http://www.symantec.com/docs/TECH212347