Upgrading? Need advice? Let us know!

Hi Lil,

Actually for the moment, I'd rather this all stays in the public domain to assist other users rather than hide it all in the private messaging. I'm stunned that your developers aren't aware of the problems, looks like support isn't feeding back information.

I think the migration failed because of the complexity of the CID's but recreating new updates isn't that much hassle so rather than spend days firing support questions and logs as I started to do and have call references that never closed which I can PM you, I just gave up and manually configured the updates myself, which I found much easier anyway as your support staff seemed very green on the new version back last year when I upgraded, than the upgrade process itself.

So let's look at why this is all so 'cludgy'......................

Firstly, let's look closely at v.3 library manager and see exactly how that worked. I had a subscription to the databank and I simply ticked all the packages I want to download. In my case, this is win 9x, NT, x86, x64, Linux libc6, MacOSX . 6 Packages that gave a download warehouse of 250Mb's (approx) Can jump as high as 350Mb's during the month.  From this single download, I can then distribute CID's to my domains. Some CID's have just 9x and x86, others may have 9x, x86, NT and so on. There are 8 combinations but only one download is required from Sophos databanks. Each CID is copied out from the LibMan server to the CID locations across UNC paths (most are local 100 base LAN but there are 3 distributed across slower WAN links). During the copy process, DLLLoader.exe executes and checksums the CID folder before integrating the updated files. DLLLoader puts reasonable pressure on the server but although heavy is not overpowering (there do seem to be some issues with this process though as there is noticeably more CPU load on slower links which means the process is not threading correctly and chewing CPU - probably due to poor wait loops).

Now let's look at v.4 Update manager. Hmm, first problem; I no longer have the ability to specify the packages I want in each CID so I now have to create a subscription to match the packages for each CID. Each subscription downloads it's own warehouse of packages. So in my 8 combinations, I now download x86, 9x for every warehouse and then some with NT, some with NT+linux, some with NT+linux+MAC, some with NT+MAC etc. Giving 8 warehouses. Total download size 4.3GB's (yep, v.9 EPS is much larger than v.7 SAV - almost double by my calc). Remember I said that Dllloader.exe was pretty heavy on CPU. Well SophosUpdateMgr.exe makes that look stupid, it chews CPU like no other process invented. Take a look for yourself, look at task manager and see the amount of CPU used (note, CPU usage, not RAM - your support took a while to cotton on to that). Now add a second warehouse (or subscription) and look again at the CPU during and update. Add another and look again.

Life is so bad with EMC v.4 that I've rolled back to lib manager v.3 and reduced the warehouse count on lib manager to just 2 and dedicated an entire server to this process now. With 2 subscriptions, my server spends ~11 minutes of each 15 minutes between update cycles (your default) servicing 2 CID's. 1 CID contains 9x, x86, Linux and NT and a second just x86. If I add a 3rd subscription, the server is flat out 24/7/365 100% CPU dedicated to SophosLibraryMgr.exe. The two remaining CID's are local 100base LAN connections so no slow WAN involved - dread to think what that would be like. Support have told me to get a faster server to fix this. What I find astonishing is that I can run an MD5 checksum across a Sophos warehouse in around 30-50 seconds on this server whereas UpdateManager seems to chew the disk for around 30 seconds then spend the next 10 minutes or more eating CPU with little or no disk activity.

There are so many issues with the new update manager that I really feel it's unsuitable and not fit for purpose. E.g. take a simple feature I relied on. When I get an update on LibMan v.3, I get an email. The email tells me that I've had xyz.ide update. With Update manager, I get a nice notice in EM Console saying my warehouse last updated but I haven't a clue what got updated and if it was a minor or major update. If I submit a sample to Sophos, I want to know exactly when I'm covered by Sophos. The emails I get back from Labs say that xyz.ide will go up on the databank. But now I do not know when that has happened. LibMan v.3 emailed me, update manager v.4 doesn't tell me toffee!

I would absolutely love direct contact with your developers and cut out the Chinese whispers from support to labs. Let's get some real feedback into the hands of those that write the package and make progress getting Sophos sitting on top again. I've been a subscriber of Sophos for in excess of 12 years now watching it grow from v.1 SAV through v.9 EPS and never been as disappointed in a product as much as this latest release. Still, staying on topic here, lets fix Update Manager first.

Matt

Hi Lil,

Actually for the moment, I'd rather this all stays in the public domain to assist other users rather than hide it all in the private messaging. I'm stunned that your developers aren't aware of the problems, looks like support isn't feeding back information.

I think the migration failed because of the complexity of the CID's but recreating new updates isn't that much hassle so rather than spend days firing support questions and logs as I started to do and have call references that never closed which I can PM you, I just gave up and manually configured the updates myself, which I found much easier anyway as your support staff seemed very green on the new version back last year when I upgraded, than the upgrade process itself.

So let's look at why this is all so 'cludgy'......................

Firstly, let's look closely at v.3 library manager and see exactly how that worked. I had a subscription to the databank and I simply ticked all the packages I want to download. In my case, this is win 9x, NT, x86, x64, Linux libc6, MacOSX . 6 Packages that gave a download warehouse of 250Mb's (approx) Can jump as high as 350Mb's during the month.  From this single download, I can then distribute CID's to my domains. Some CID's have just 9x and x86, others may have 9x, x86, NT and so on. There are 8 combinations but only one download is required from Sophos databanks. Each CID is copied out from the LibMan server to the CID locations across UNC paths (most are local 100 base LAN but there are 3 distributed across slower WAN links). During the copy process, DLLLoader.exe executes and checksums the CID folder before integrating the updated files. DLLLoader puts reasonable pressure on the server but although heavy is not overpowering (there do seem to be some issues with this process though as there is noticeably more CPU load on slower links which means the process is not threading correctly and chewing CPU - probably due to poor wait loops).

Now let's look at v.4 Update manager. Hmm, first problem; I no longer have the ability to specify the packages I want in each CID so I now have to create a subscription to match the packages for each CID. Each subscription downloads it's own warehouse of packages. So in my 8 combinations, I now download x86, 9x for every warehouse and then some with NT, some with NT+linux, some with NT+linux+MAC, some with NT+MAC etc. Giving 8 warehouses. Total download size 4.3GB's (yep, v.9 EPS is much larger than v.7 SAV - almost double by my calc). Remember I said that Dllloader.exe was pretty heavy on CPU. Well SophosUpdateMgr.exe makes that look stupid, it chews CPU like no other process invented. Take a look for yourself, look at task manager and see the amount of CPU used (note, CPU usage, not RAM - your support took a while to cotton on to that). Now add a second warehouse (or subscription) and look again at the CPU during and update. Add another and look again.

Life is so bad with EMC v.4 that I've rolled back to lib manager v.3 and reduced the warehouse count on lib manager to just 2 and dedicated an entire server to this process now. With 2 subscriptions, my server spends ~11 minutes of each 15 minutes between update cycles (your default) servicing 2 CID's. 1 CID contains 9x, x86, Linux and NT and a second just x86. If I add a 3rd subscription, the server is flat out 24/7/365 100% CPU dedicated to SophosLibraryMgr.exe. The two remaining CID's are local 100base LAN connections so no slow WAN involved - dread to think what that would be like. Support have told me to get a faster server to fix this. What I find astonishing is that I can run an MD5 checksum across a Sophos warehouse in around 30-50 seconds on this server whereas UpdateManager seems to chew the disk for around 30 seconds then spend the next 10 minutes or more eating CPU with little or no disk activity.

There are so many issues with the new update manager that I really feel it's unsuitable and not fit for purpose. E.g. take a simple feature I relied on. When I get an update on LibMan v.3, I get an email. The email tells me that I've had xyz.ide update. With Update manager, I get a nice notice in EM Console saying my warehouse last updated but I haven't a clue what got updated and if it was a minor or major update. If I submit a sample to Sophos, I want to know exactly when I'm covered by Sophos. The emails I get back from Labs say that xyz.ide will go up on the databank. But now I do not know when that has happened. LibMan v.3 emailed me, update manager v.4 doesn't tell me toffee!

I would absolutely love direct contact with your developers and cut out the Chinese whispers from support to labs. Let's get some real feedback into the hands of those that write the package and make progress getting Sophos sitting on top again. I've been a subscriber of Sophos for in excess of 12 years now watching it grow from v.1 SAV through v.9 EPS and never been as disappointed in a product as much as this latest release. Still, staying on topic here, lets fix Update Manager first.

Matt