The popular knowledgebase article Configuring LiveUpdate Administrator (LUA) to download updates from another LUA Server (http://www.symantec.com/business/support/index?page=content&id=TECH105741) states:
"Though it is possible to configure LiveUpdate Administrator to download needed updates from another LUA server, it is generally not recommended to use this configuration."
A frequent question is: "Why not?"
Here's an informal, unofficial way of understanding the nature of LiveUpdate Administrator, and why it is not a good idea to daisy-chain these servers:
Imagine that you look after a house (network environment) and all of the happy little residents (Symantec Endpoint Protection clients and other Symantec products) who live there.
From time to time, these sturdy little characters get hungry and need to consume to stay healthy (download and process new updates)... some more often than others!
Each also has its own separate foods that it will eat and dietary restrictions (different content for different products and components).
Now, as the responsible parent (admin) you've got to ensure they all get fed, and fed the stuff they need. All of these little guys can run straight to the big supermarket (LiveUpdate source servers on the internet) but that is a bit repetitive... a lot of people cramming into the same place for the same stuff, several times a day... streets get crowded, shopping carts crash into one another, a lot of pushing and shoving and pulling of hair (bandwidth issues, servers overloaded, etc).
Now: imagine you add a refrigerator to your particular house. (The LUA server is one solution.)
You can order the housekeeper to jump in the station wagon, drive to the supermarket several times a day, and get everything everyone needs (configure a scheduled download task). This loyal housekeeper can bring the whole shopping list home (download what your organization needs) and put it where everyone knows where to get it (distribution task). Instead of running all the way to the supermarket, everyone just opens the fridge, grabs some convenient grub and whistles a merry tune, satisfied.
Now, it IS possible that you can keep your whole house fed by raiding your neighbor's fridge rather than going to the supermarket (downloading from another nearby LUA server). One problem here is that what's in your neighbor's fridge is probably not as fresh as what's in the supermarket. (Updates may not be the latest). Also: who can guarantee that their fridge has exactly what your household needs?
Plus, the neighbor may not be too happy about you showing up and grabbing what they have (permissions issues, access trouble!)
That's why it's always recommend going to the supermarket (Internet LiveUpdate source servers) --- it is open 24 hours a day, and there you will always find the freshest goods, with friendly service, and no permissions trouble.
Some further points to this analogy....
- Just because you have gone shopping and brought all the groceries home (downloaded the updates) does not mean that everyone will automatically find them. You must bring the bags in from the car and pack them away (distribute the updates) to the places where everyone goes looking for the food.
- Not all food is stored in the fridge. After you take your goodies home, you put some in the cupboard, beer goes into the beer fridge upstairs, cleaning products get stored under the sink far away from the food, some items go into the freezer in the basement.... (One LUA server can have up to 100 Distribution Centers, and different products can be configured to retrieve from different DC's)
- Why use your grandmother's old ice box when you can have a brand-new state of the art fridge? The latest, most up-to-date model is always being given away for free. (Call Technical Support and they will be able to provide the latest LUA 2.x to almost all Symantec customers with a valid contract. There is no charge.)
- Today's modern fridges have HUGE capacity- and the housekeeper can deliver goods from it to rooms all over the mansion! (In even the largest enterprise organization, only one LUA 2.x server is usually needed. Rather than add additional daisy-chained LUA servers, it is generally better to create new Distribution Centers and configure scheduled tasks to keep them up-to-date.)
Finally:
- Not every residence needs a refrigerator. Perhaps this is not a house, but a hotel where both room and board is included. The restaurant staff will take care of all necessary shopping and preparation: everyone automatically knows where to go for their meals. (An all SEP environment where the SEPM can keep all its clients up-to-date without the need of the optional LUA server tool.)
LUA 2.x is a fantastic, reliable product- when it is used correctly. Here are some official Symantec articles full of advice on configuring LiveUpdate Administrator 2.x for your network:
Top 10 Symantec Best Practices - Deploying Symantec Endpoint Protection Architecture
Article: TECH92051
Article URL http://www.symantec.com/docs/TECH92051
Best Practices for LiveUpdate Administrator (LUA) 2.x
Article: TECH93409
Article URL http://www.symantec.com/docs/TECH93409
When is it Recommended to Use LiveUpdate Administrator 2.x with Symantec Endpoint Protection?
Article: TECH154896
Article URL http://www.symantec.com/docs/TECH154896
Many thanks for reading! Please do leave comments, below, if you find this analogy helpful or unhelpful.