Symantec Management Platform (Notification Server)

 I want to throttle agent bandwidth in NS7.  The settings screen shot is below.  If I set the throttling period and configure a % or KB/s, is the bandwidth allowed per agent?

For example, let's say I have a remote location with 5 agents.  The location uses a T1 line.  I set the throttling period and configure 10% for the bandwidth throttle.  Will all 5 agents use a total of 10% of the T1 bandwidth? OR, will the 5 agents use 50% of the total T1 bandwidth?  I want to make sure I don't cripple our WAN.

Also, let's say in an emergency I want push software without the throttling.  Is there an easy way to quickly disable throttling and then re-enable when ready?  Thanks for any input.

Percent uses up to a percentage of the computer's download rate; KByte/sec sets up to a fixed download rate.  The percentage-based download rate is based on ping to the NS, to be very basic in an explanation.  The below KB articles have more information.

To me, I'd say percentage-based is more about ensuring that the user has a quality experience.  If you say Altiris gets no more than 25% of bandwidth, the user still gets the remaining 75% for e-mail, data, and Hulu.  If you have 20 users at an office and set it to 2.5% so that they never use more than 50%, that will work -- but you're probably throttling needlessly at times.

By using a static download rate, you could do the math based on T1 rate divided by number of users = x KBytes/sec.  This ensures quality of service for the office.

You may want to set up site servers at each office.  If you have 13 users, set up an always-on desktop as a site server.  It will download software and patches and files, then clients will get it locally from that site server.  It doesn't need to be a server OS -- XP SP3 is supported.  This could solve your throttling concerns.

If you have a packet-shaping device or firewall capable of prioritization at the site, you could fit Altiris into a certain traffic priority and manage bandwidth in that manner as well.

If you wanted to push in an emergency, override for the task or policy.  If a task or policy has a Download tab under Advanced Options, this is where you set the override.  For example, in a Managed Software Delivery policy, click on the software that's part of the MSD (e.g. Symantec Endpoint Protection 11), then click Advanced Options.  Under the Download tab, change the radio button from 'Use the default Altiris Agent settings to download' to 'Use the following settings to download and run.'  You can then run from the server or download locally and then run by choosing either option and then something like faster than 1Kbps for your connection speed.

Your best bet is to use site servers where appropriate, based on connection speed of the site, and to also throttle agents to ensure quality service.  You'll have to make your decision on what KByte/sec rate you want to reserve for Altiris based on your requirements for Altiris management.

http://www.symantec.com/business/support/index?page=content&id=HOWTO1479 and http://www.symantec.com/business/support/index?page=content&id=HOWTO8317 may have additional information on how it obtains the download rate.

Thanks for the great explanation.  I think the best solution for Altiris in the long run is deploying site servers at remote locations.  The only issue is I have 2000+ sites.  I am assuming there would be an easy or automated way to deploy the site servers.

In the short term, the remote locations all use Cisco ASAs.  It may be easier to configure the throttling on the Cisco boxes.