Endpoint Protection

If you have your Liveupdate policy for managed clients to use the default management server, does that mean there is no way to schedule when a managed client retrieves its updates?

If I look at the Schedule section, once the management server is selected everything in the Schedule area is greyed out.

And at the top it says

"Enable the scheduling of automatic downloads from LiveUpdate servers.  The schedule settings to not control downloads from the default management server, from Group Update Providers, or from third party content management tools."

This seems to imply that once set to management server you will not be able to schedule when the clients do their updates.  It is fully automatic and can be very unpredicatable.

What I'd like to see is the Management server viewed as an internal LiveUpdate Server and the capability to tell clients when to update.    This would be very helpfull when servers are using the managed agent or in environments with low bandwidth connections.

Automation is nice, but first and foremost, actions should be well understood, predictable, with the ability to modify.  A sudden spike of resources at the wrong time, creates really big issues.

Hi,

with the right tuning you can get the best performance and the best reliability.
First of all the SEP clients download only the differences between the definitions, it means only 200-300 KB that are not a serious issue in a normal LAN.
It is better if you improve the number of versions of definitions to keep in the SEPM to improve its ability to generate the necessary difference (Admin > server > local site > properties > LiveUpdate > from 3 to 10).
Of course if you have a very big LAN or clients on remote sites you can tune the communication settings: SEPM > clients > policies > communication settings > move from push to pull mode, tune the heartbeat, tune the randomization.
Another important feature is the Group Update Provider: you can set a GUP every 100 clients to split the content deployment.
You can also schedule the liveupdate schedule for SEPM.

Regards,

By default all the clients are set to get updates from the manager which is configured in push mode! But only when the clients are to get updates from liveupdate server the scheduling options would work!!

If you r concerned with the bandwidth i wud appreciate you following Giuseppe's way and configure live updates in pull mode and then enable Randomization Option on the manager and reconfigure the heartbeat interval may be to 15 min(5 min by default).

If you have a better n/w bandwidth, configure Live updates policy for the clients to contact symantec server to download updates. Optionally you can set it happen on a daily basis.

We can also schedule when the manager would contact the LU server for downloading updates. Admin > server > local site > properties > LiveUpdate >Schedule..

Well and GUP(Group update provider) is recomended if you have a remote location!! GUP can reduce the bandwith consumed on updating all clients on a remote location as it restricts to single computer,yet the GUP then internally transmits update to the rest of the clients on that location.

Hi,

        You mentioned that  "If you have your Liveupdate policy for managed clients to use the default management server, does that mean there is no way to schedule when a managed client retrieves its updates?".....The answer to this is that you can schedule the time when the SEPM goes to the Live update Server to fetch the updates its once it has it it will distribute it to the clients.



You mentioned that "Once the management server is selected everything in the Schedule area is greyed out." ...the reason why it happens is because depending on the communication mode selected (Pull or Push) the clients communicate with the SEPM this is also commonly known as the heart beat interval its set to 5 minutes by default due to this feature the client is in touch with the SEPM and therefore the scheduling is not required.

As far as this query is concerned  "What I'd like to see is the Management server viewed as an internal LiveUpdate Server and the capability to tell clients when to update. This would be very helpfull when servers are using the managed agent or in environments with low bandwidth connections."....you will have to promote one of the servers in your network other than your SEPM to a Live Update Server. Then you can configure it as per your choice for both Downloading definitions and distributing it to the clients.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007101913262648

In general, this is not an issue for desktops.  We have a situation with a terminal server and the system admins would like to schedule when LiveUpdate occurs.  When LiveUpdate runs, it tends to spike the resources for a bit and of course one of the things that were running around the time the server had an issue is LiveUpdate.

You have to admit, it is very difficult to predict when the LiveUpdate process is going to run on the client.

It would be nice if the scheduling of updates was part of the policy.

This particular case is not an issue of bandwidth, but of predictable behavior in a server environment.  We have servers that are running a managed client.

Our clients run in pull mode and we've tweaked heartbeats...... for the most part seem to be updating ok.

I'll have to look at promoting a box to be a Live Update Server.  I was just thinking about that.  The other, non preferable, alternative is to give it access to the Symantec LiveUpdate Servers.  Maybe if it is in the right place and it is just for temporary fault isolation....

I could see a possible use for an internal LiveUpdate server for scheduling updates out at remote locations across slow links.

Yes, I could use a Group Updater, but apparently that cannot be set to a defined schedule either.

It sound like we might have to create an internal Live Update Server and another Live Update policy to be distributed to select clients.

Oh yes, did see a good posting by Paul M. about what constitues content revisions and the impact it could have if clients are disconnected for more than a day.  I'll have to take another look at that.  I'll see if I can find the link I looked at.

Todd K.