Peer-to-peer AV def sharing among Message Security products without LUA, just like SEP

Created: 30 Aug 2012 | 1 comment
ayako

Recently I have seen so many LiveUpdate 235 (package authentication failure) errors/def-update failures, which apparently stem from the volume of the ever-increasing definition size.

Instead of saturating LiveUpdate servers with HTTP requests from each and every Message Security product, there could be a parameter/switch exposed on the management console GUI that enables/disables sharing the downloaded definitions among peer servers, just like SEP clients do.

Suppose we have 16 Scan Engine servers in a segmented network, and each of them separately executes LiveUpdate and seriously affects its network bandwidth availability on an hourly basis. Naturally, introducing an LUA would be an option; however, setting up and managing this software is some extra work. Instead, we might want to have a cluster (say, 16) of Scan Engine servers, where one of the poll-chosen delegates pulls the def contents from the LU servers, then tells the other peer servers (via a resident agent) that it has the new def, propagating it in a binary manner until all the peers share the same version.

This would help reduce outbound LU requests, leading to fewer server-side premature disconnections/read timeout errors, and at the same time reduce the traffic in the Scan Engine's network bandwidth.

As keeping definitions up to date is the key to helping protect the environment from threats, reducing the traffic to LU servers should be a serious concern, if not by this way.

Comments

TSE-JDavis

This could also be a time where a caching proxy would be helpful. The proxy would cache the definitions and provide them to each Scan Engine.

I am unclear on your opposition to setting up a LiveUpdate Admin server. It is pretty straightforward, and once you set it up there is not much else you need to do.
