Endpoint Protection

 View Only

  • 1.  Client version updates & upgrades

    Posted May 20, 2010 05:33 AM
    I am a third line technical admin at a medium size business and have just taken over the support/admin of our Symantec Endpoint Protection setup. We have a single SEPM server with 20 group update providers, with the SEPM server being at the centre of our star network and the GUP's being at the opposite end of each of the star links.  From the support documentation left me by the previous analyst who supported the product the SEPM server performs the definition updates, supplies these to the GUP's and these supply the updates to the 3000 windows clients over all the 20 sites.  I recently updated the SEPM from MR5 to MR6, to resolve an issue with various clients. As the client update was required on over 50% of the PC's it was decided that we would update all to the latest version at the same time.

    My question is can you configure the system in anyway to perform the client upgrades via the GUP's, as when we applied it to the setup above all the 3000 clients appeared to download the client upgrades from the SEPM server.  This resulted in all our wide area links being overloaded, and business critical websites being unusable.


  • 2.  RE: Client version updates & upgrades

    Posted May 20, 2010 05:47 AM
    Currently you cannot distribute the upgradation package through GUP.There is a product enhancement request is present in the idea section of this forum .So in future version we may get this feature...


  • 3.  RE: Client version updates & upgrades

    Posted May 20, 2010 06:29 AM

    My question is can you configure the system in anyway to perform the client upgrades via the GUP's,
    ---No it is not possible. GUP is desiganted only for CONTENT update

    You can schedule the auto upgrade. You can select one group at a time and the assign the pacakge , wait for that group to update then gor for the other group.


    Title: 'Upgrading clients by using AutoUpgrade'
    Document ID: 2009101503293948
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009101503293948?Open&seg=ent



  • 4.  RE: Client version updates & upgrades

    Posted May 20, 2010 08:14 AM
    Hi Phil 8690,

    It might be worth mentioning that we have a similar situation here, many sites 6500 clients, 113 GUPS...

    We use the 'Download Source' option in the 'Install Package' tab to specify a location for the update. we then copy via Altiris the 'setup.exe' SEP install file to the 'wwwroot' IIS folder of the GUP.

    You have to specify a GUP path to use, but this keeps the update local to that site.

    From the help article:

  • Download the client package from the following URL (http or https)

    Downloads the package from a Web server that you have configured with the update. This update must be a single executable file or zip file. Only HTTP and HTTPS are supported.

    Regards,

    Paul



  • 5.  RE: Client version updates & upgrades

    Posted May 20, 2010 08:34 AM
    Paul thanks for the update.  Just a quick question how do you handle 32bit and 64bit OS variants.

    Regards
    Phil


  • 6.  RE: Client version updates & upgrades

    Posted May 20, 2010 08:50 AM
    Phil,

    At present i am lucky and all clients are 32bit, although that is soon to change.

    I haven't had to do this for 64bit clients, although i appears that when you export the install package for 64bit you should add a reference to '64bit' in the exe name and then reference the '64bit' .exe in the 'downoad source' URL path. So the IIS WWWroot would have two setup files, one 32bit and one 64bit.

    I was advised that the SEPM uses the relevant file based on installed OS.

    best of luck.

    Regards,

    Paul


  • 7.  RE: Client version updates & upgrades

    Posted May 20, 2010 09:30 AM
    Paul a couple of final questions and then I will leave you alone.

    I can see how Liveupdate setting are configured and how you can assign these to "locations" that are then tied to GUP's. I am struggling though to see how you link client install packages to the same location and GUP combinations.

    1) Do you manually create your sites as groups and then manually assign clients to these groups, and then assign install packages to these groups.
    2) Do you have many laptop/mobile users that move around sites/groups on a regular basis. If so how do you decide which group that should sent them updates.

    REgards
    Phil


  • 8.  RE: Client version updates & upgrades
    Best Answer

    Posted May 20, 2010 10:26 AM
    Phil,

    Here we Sync SEPM with AD, that creates all the OU's in SEPM. We only really have two locations, 'in office' or 'out of office' based on client information, in the office uses a live update policy that uses a GUP.

    Our GUP's are defined by a registry key which makes use of the new GUP list feature added in RU5. A client will choose a GUP based on it's network location.

    This however has nothing to do with the update packages (install packages) as these are set on the OU level. If a client chooses to roam to another site then this will mean that the update may not be local, but in the majority of our cases this has worked fine. This is why the feature request for client version updates from local GUP's will be a great addition to SEPM.

    We have also set a dedicated machine to be the 'optional GUP' if no other GUP exists for the site, in the live-update policy to catch clients such as 3g.

    Best Regards,

    Paul


  • 9.  RE: Client version updates & upgrades

    Posted May 20, 2010 10:40 AM
    Paul thanks for the updates