ITMS Administrator Group

 View Only
Back to Library

How to configure multicasting for downloading large packages in IT Management Suite? 

Aug 25, 2016 10:54 AM

About multicasting

Multicasting lets you transmit packages to selected groups of recipients. It improves package server performance on large networks and protects package servers from being overloaded, especially when distributing large packages (for example, Windows 10 cumulative updates). It also lowers the load on package servers by reducing the number of Symantec Management Agents that connect to each package server. It decreases network utilization by enabling agents to multicast package data to other managed computers.

Multicasting can reduce WAN utilization in the remote sites that do not have a dedicated package server. In such situations, only one agent (called master) needs to cross the WAN to download the package. The other Symantec Management Agents on the same site can then download the package from that agent using multicast.

The master computer is selected from the set of available computers in subnet using the ranking. The computer with the highest ranking becomes the master computer.

The following attributes increase the rank:

  • Number of CPU-s and cores, and their frequency
  • The amount of free RAM
  • OS version (higher version has higher rank)
  • Server OS (25% higher rank)

Symantec Management Agents revert to HTTP/UNC for downloading packages in the following conditions:

  • The Symantec Management Agent connection to the multicast session falls below 64 Kbytes/sec.
  • The maximum bandwidth that is used for multicasting has been reached.
  • The Maximum sessions per physical subnet value has been reached.
  • The package is smaller than the Disable multicast for packages smaller than value.
  • The master computer was not found because the computers are denied to send multicast or broadcast packets to each other.
    The most common reasons are various firewall, router, or access point limitations when IGMP protocol is disabled or not supported. Note that the IGMP snoopingsetting for your router or access point is usually disabled by default.
  • The master computer drops out during the session.
    This happens when the computer goes into standby mode or drops multicast packets. Currently, the agent reverts to HTTP or UNC download to decrease the overall download time.
  • The Disable communication at startup and after blockouts for up to option can affect the timing of client configurations and package downloads in all cases. A partial blockout for the agents prohibits download packages and interrupts the download if the download has already started. Full blockout periods prevent the agents from requesting their configuration policy, because they are unaware that the package is required or available.

​Configuring multicasting

STEP 1. Configure multicasting on Targeted Agent Settings page.

1.1 General tab

Option Description Recommended value
Download new configuration every The interval at which the Symantec Management Agent requests new policy information from Notification Server. The configuration update interval directly affects the multicast performance if theWait time to begin session option is configured using the percent value.

 

1.2 Downloads tab

Option Description Recommended value
Allow Symantec Management Agent to use multicast for downloading packages Note that having multicast turned on does not cause all package deliveries to occur via multicast. A number of caveats are controlled by this setting, and some basic operating principles that are determined by the current design of the multicasting component affect package download. Must be checked for multicast to function. Although specific package settings for multicast generally override these agent settings, if this option is not checked, the package delivery via multicast does not work.
NOTE: The options on the Global Agent Settings page must be configured properly and have valid addresses available.
By default the Symantec Management Agent should use multicast when downloading packages

If multicast is set as the default for downloading packages in the Global Agent Settings policy, this option lets you turn it off. However, individual packages may override this setting.

If the Global Agent Settings policy has multicast turned off, you cannot turn it on with this option.

 If this option is not checked, the download type is left up to the package settings.
Maximum master sessions per computer

The maximum number of concurrent sessions for which a Symantec Management Agent can be the master.

When a computer is a master for a single session, the overhead should not be significantly different from a computer that is simply receiving the package via multicast.

The default value is 1 for new policies and for all of the default targeted agent settings policies.

The recommended value is also 1, because the agent can download only a single package at a time. Any package download is preempted by another package of a smaller size. Note that starting from IT Management Suite versions 8.0 HF3 and 7.6 POST HF7 v7, the multicast session cannot be preempted.

For example: 5 packages of different sizes need to be redistributed. If all packages arrived to the agent during the same policy update, and all the agents need all 5 packages, first of all, the smallest package will be downloaded and distributed among the agents via multicast. The largest package will be downloaded and redistributed last, so downloading all 5 packages via multicast requires a lot of time. Only if different agents need to download a subset of these 5 packages, there could be a few different simultaneous multicast sessions made for packages of different sizes.
Minimum receiving computers per session The minimum number of Symantec Management Agents (excluding the master) that must join the session before package multicasting can proceed. 1
Wait time to begin session The maximum time to wait for the minimum number of Symantec Management Agents (excluding the master) to join the session, before the session times out. This value can be defined in minutes, or as a percentage of theDownload new configuration interval on the General tab.

50% of configuration update interval, and not less than 30-45 minutes.

If you want to distribute a single package via multicast, the recommended Wait timeperiod could be slightly longer than the configuration update interval. In this case, all the agents will receive the policy during that time and will have the chance to join the same multicast session.

When more packages need to be redistributed via multicast, it is not feasible to wait for all agents to join a single session. In this situation, configure the Wait time to be 50% of the configuration update interval, so that some agents would start the session even before other agents receive the policy. The agents that receive the policy later will download the packages via another multicast session from an agent from the first multicast session.

If a session times out, the Symantec Management Agents that were members of the session attempt to download the package again through multicast until the Maximum transmission attempts per package value is reached.
Number of receiving computers required to begin session before wait time has expired

The number of Symantec Management Agents (excluding the master) that must join the session to enable multicasting to begin.

This setting cannot be less than Minimum receiving computers per session. Use this setting to override theWait time to begin session option when enough agents have joined the session.

Set the value to a large number (100-200), if you want to reduce the network traffic.

If you enter a low value, a large number of small sessions will be formed. The higher number results in lower network traffic, but increased delivery time.
Maximum bandwidth to use for multicasting

The maximum bandwidth that multicasting can use per package.

The multicast master begins at a slower speed and gradually increases the speed to this value if there are no errors. If the agents receiving the broadcast discover errors, they send a message back to the multicast master where it is evaluated. The multicast master can resend the data or remove the agent from the session. Alternatively, the multicast master can reduce the amount of data that is being multicast.

10MBytes/sec

Increase when delivering large (50+MB) packages and network is capable.
Maximum transmission attempts per package The maximum number of times that the Symantec Management Agent may attempt to receive the same package through multicast. If all attempts fail, the agent reverts to the normal package download procedure.

2

In most cases, a single attempt is sufficient. However, sometimes, the package may expire at the master.
Maximum sessions per physical subnet Specifies the maximum number of theoretically possible multicast sessions that can occur concurrently per physical subnet.

50

The actual number of physical sessions will be much lower than 50 because of the asynchronous nature of multicast session negotiation, where agents that need to download the same package are getting to know each other over a period of time before forming a single final multicast session.

Before the session is formed, different agents can try creating a new session simply because they do not know yet that some other agent has already created another session for the same package. In a minute or two, these agents will receive that information, join the already existing session, and terminate the session they created before. In this situation, there can be a number of short-lived sessions that should be accounted for.

The more computers you have in the subnet, the larger this value should be. For example, for 200-250 computers you can increase the value to 75 or more.

Go above this value if you notice the following error in the logs: "CanDownloadPackage(): Multicast skipped, too many sessions: subnet/segment = 20"

NOTE: Do not forget to increase the range of TCP/IP Listener range on the Global Agent Settings page.
Disable multicast for packages smaller than Specifies the minimum package size that may be downloaded using multicast. Use the default.

 

STEP 2. Configure multicasting on Global Agent Settings page.

The Global Agent Settings page lets you to configure options that control how multicast operates within an environment. The Package Multicast settings are the IP addresses, which the Symantec Management Agents use for multicasting.

NOTE: The Package Multicast settings are applied to a managed computer only if multicast is enabled in the appropriate targeted agent settings policy.

Note that Tickle / Power Management is separate from Package Multicast, even though the settings are similar. The Tickle / Power Management option is not required for package multicasting; however, these options should not use the same TCP/IP multicast address port as the package multicast address/port combination, nor should they be in the TCP/IP listener range unless there is a TCP/IP Exclusion range defined.

2.1 General tab

Option Description Recommended value
TCP/IP multicast address The IP address that the Symantec Management Agents use to listen to multicast negotiation messages on the network.

Default value.

This is the address on which the request for packages goes out. All multicast-enabled agents monitor this address for package requests.
TCP/IP multicast port

The port number that the Symantec Management Agents use to listen to multicast messages on the network.

The TCP/IP multicast port number must be between 1024 and 65535.

 Default value.
TCP/IP Listener range

The range of IP addresses from which a multicast session chooses an address to use during the multicasting of the package by the master. You can add new ranges and specify the appropriate IP addresses for each range.

There must be at least one listener IP address range specified that cannot be deleted.

Increase this range to double the number of addresses that the setting Maximum sessions per physical subnet has.

Increase this range if there are exclusion ranges.
No TCP/IP Exclusion range defined

The range of IP addresses that cannot be used for multicasting. You can add new ranges, and specify the appropriate IP addresses for each range.

The Exclusion IP address ranges can be a subset of Listener IP address ranges but not vice versa.

None.

Add only if there are other multicast operations occurring on specified addresses, or there are problems using certain addresses.

 

STEP 3. (Optional) Configure multicasting for Patch Management

To use multicasting when distributing software update packages, configure the multicasting on the Windows Patch Remediation Settings page.

On Packages tab, under Package Defaults, check Use multicast when the Symantec Management Agent's multicast option is enabled.

STEP 4. (Optional) Configure multicasting for Software Delivery

To use multicasting when distributing software, configure the multicasting on the Managed Delivery Settings page.

On Download tab, select one of the following options:

  • Use the default Symantec Management Agent settings to download
    Lets you download the package with the settings that are defined on the Targeted Agent Settings page.
  • Use the following settings to download and run
    Lets you override the download settings that are defined on the Targeted Agent Settings page.

Maximizing the number of downloads done via multicast

To maximize the number of downloads done via multicast, configure the following multicast options as follows:

  • Set the Maximum sessions per physical subnet value to 50 or more. You can set it to 100, if you have more than 200 computers in the subnet.
  • Set the Number of receiving computers required to begin session before wait time has expired to a value larger than the number of computers in the subnet.
  • Set the Wait time to begin session value to 50-75% of configuration update interval. Note that the interval should not be smaller than 30-45 minutes.

Other things to know

Multicast works as described in this article with the following IT Management Suite versions:

  • ITMS 7.6 POST HF7 v7
  • ITMS 8.0 HF3

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Tomasz Woźniak
Apr 24, 2017 05:34 AM

Starting from 8.x version, Symantec introduced peer-to-peer technology. It cannot be used toghether with multicast. It is aimed to support situation just like Windows 10 updates.

Symantec makes a lot of marketing noise about it. However those technologies seem be helpful only on sites without Package servers.

Related Entries and Links

No Related Resource entered.