Wed 09-Jan-2013 09:42 - edited Wed 09-Jan-2013 09:43
we are using a Sophos Enterprice Console V188.8.131.529 with no computers in the managment.
We only use this Console to download the Sophos Updates.
To Support Windows 8 we would like to change from "Windows 2000 and above" "10.0 Recommended" to "10.2 Recommended".
Does this have any effect to the older Sophos Clients in the network? Again, we haven't any computer under the computer managment tap and the Enterprice Console is not spezial configurated.
Wed 09-Jan-2013 10:20
why don't you manage your computers, and where did (and do) you install them from - using the stand-alone version? You should have at least the management server itself as manged computer (unless ...).
Replacing 10.0 with 10.2 should not have any effect on the "older" clients (other than, of course, they will upgrade to 10.2)
Wed 09-Jan-2013 10:24
I have only the managment server itself.
I work at a university, we put all the updates an our ISS for the university. All deparments have their own managment server, just getting the updates from "my one".
Am I right, if I haven't clients under computer, the other clients in the network will not update automaticly to 10.2???
Wed 09-Jan-2013 13:10
All departments have their own management server, just getting the updates from "my one"
I see. So they use "your" server (and not Sophos) as Source.
Guess I should explain how it works: An Update Manager expects the update source to be a Warehouse - ultimately the Warehouse is on a Sophos server. The Warehouse contains not only the files to be downloaded (in an encoded and checksummed form) but also metadata - a catalogs and descriptions of the available "stuff" as well as the data required for the consistency checks. The Sophos Warehouse is special insofar as it presents its contents depending on the information supplied by the SUM (mainly the credentials which are used to select the products you have licensed). Metadata also maps general (like 10.0 Recommended) to specific versions and controls automatic version upgrade when a version is (about to be) retired.
A SUM downloads all metadata it "sees" but of the production files only those belonging to a subscription to its Warehouse. While a downstream SUM (updating from this Warehouse) sees all metadata (and consequently can present e.g. versions 9.5, 9.7, 10.0 and 10.2 in the subscription selection) it can only download the versions its upstream (parent) SUM has subscribed to.
If you change the subscription in "your" server to 10.2 the department servers will continue to use 10.0 and subsequently the download of the product will fail. Similarly a department server subscribing to 10.2 will encounter a failure (unless your main server has also subscribed to 10.2).
If I understood you correctly the best way is to add a subscription for 10.2 - the departments then can elect to upgrade to 10.2 when needed or stay at 10.0. Note that they only have to change their Recommended subscription unless they want some of their clients to stay on 10.0 for now.
Wed 16-Jan-2013 10:00
sorry I have to reopen this topic.
We have now two subscription under Software-subscription.
- Recomended 10.2
- Recomended 10.0
Both are shown under subscription and are "subscribed for:".
Under distribution (Verteilung) I can change between Rec. 10 and 10.2
Problem at the moment, if I install 10.2 on a client, and press update now, the software get's donwgrade to 10.0.
Wed 16-Jan-2013 10:34
first some more explanation:
Under distribution (Verteilung) I can change between Rec. 10 and 10.2
The GUI is not very intuitive here - you don't change at all. This interface lets you define extra shares (in addition to the default \\server\SophosUpdate) for a specific subscription. The actual deployment is farther down, ...\CIDs\Snnn\<productfolder>, where <productfolder> is SAVSCFXP for the Windows version and Snnn is the subdirectory for a specific subscription. Recommended goes to S000, the number increases when subscriptions are added. View -> Bootstrap locations ... (Ansicht -> Bootstrap-Verzeichnisse) shows the suibscriptions and their locations.
if I install 10.2 on a client, and press update now, the software get's donwgrade to 10.0
How do you install? Usually the update location is the UNC path where you installed from, thus the client shouldn't downgrade. If the client is managed by SEC it will receive the updating policy (and with it the update location) from the console when put into a group (other than Unassigned/Nicht zugewiesen).
Wed 16-Jan-2013 10:51 - edited Wed 16-Jan-2013 10:57
Jetzt wird so langsam ein Schuh draus.
Wenn ich mir das Bootstrap-Verezichnis anschaue sehe ich
\\SOPHOS01\SophosUpdate\CIDs\S000\SAVSCFXP für 10.0
\\SOPHOS01\SophosUpdate\CIDs\S009\SAVSCFXP für 10.2
auf dem Sophos-Server läuft bei uns dann noch ein IIS der die Ordner ES9x, ESXP und SAVSCFXP usw im Uninetz als Virtuelles Verzeichnis bereit stellt.
Diese Adressen müssen die Clients bei uns als Primären Pfad eingeben.
Die Software zum installieren stellen wir ebenfalls per IIS und Download zur verfügung. Gemanagt wird bei uns nichts.
Wenn ich das jetzt richtig verstehe, muss ich für 10.2 ein neues Virtuelles Verzeichnis erstellen, was auf den S009 Ordner linkt. Dies müsste dann aber anders heißen als SAVSCFXP
ich hab nun einfach mal auf dem IIS gesurft, wenn ich http://savau1.UNIURL.de/CIDs/S009/SAVSCFXP/ als Updatequelle eingebe bekomme ich einen 10.2 Softwareclint und auch Updates :-)
Wed 16-Jan-2013 12:44
for the benefit of other readers I'll continue in English and also give a summary of your response:
The CIDs are published by IIS which provides also the installation packages. Our clients are not managed.
I assume I have to add a virtual directory for 10.2 linking to S009?
Edit: Browsing IIS I saw that I just have to enter http://savau1.UNIURL.de/CIDs/S009/SAVSCFXP/ as update location to get the correct updates
Reminds me of the pre-SEC times .
Die Software zum installieren - did you create a package or do you provide the stand-alone installers? Anyway, it's much clearer now what you do - I was mislead at first, thought you provide a Warehouse for downstream SECs/SUMs. If it is as you described it in this post, just changing the Recommended subscription to 10.2 will indeed make the clients update to 10.2. You probably don't want to require all clients to update their primary location.
You should do some planning how to deal with version changes in the future and what to do with the second subscription. Apart from this I recommend considering at least some kind of management - admittedly it has some cons in a "free" university environment but in the long run it's IMO the better alternative.
Wed 16-Jan-2013 13:11
well I hope I will write it correct.
Our (my :-) ) Sophos Server is the only SEC in the University which is allowed to talk directly to the original Sophos Servers.
My one provides a Warehouse for downstream SECs/SUMs.
My one provides Updates for clients.
My one provides the stand-alone installer via IIS.
We are NOT allowed to manage ANY clients or downstream SECs. They will be managed by the clients-owner or the SECs admins.
So I have to be careful that there will be no auto updates from 10.0 to 10.2 on the clients, started by me! :-)