Upgrading? Need advice? Let us know!

Hi Matt,

Sorry, I didn't mean the DVD as a serious suggestion (for the reasons you list), hence the smily face. Though some of our customers do use this kind of technique, particularly for high security air-gap networks. This is also why (though this may change) the ide format is still in plain text: in extremis admins can type them in to counter specific urgent threats.

As to the unreliable links, I was responding to Christian's question about CID deployment, not your situation.

If you (or others) are having trouble with CID deployment over slow links, then we'll have to investigate further: I'm not aware of any particular reason why it should be problematic.

Cheers,

John Reynolds

Hi Matt,

Another note: our performance testing during SUM development showed it to be significantly faster at deploying CIDs remotely than EMLibrary. If this is not what you are seeing, we'd have to think about this further.

Cheers,

John Reynolds

Hi John,

So far I've not been able to prove the speed becasue as I add CID's, the machine gets slower and slower until it ground to a halt with about 4 subscriptions and 8 deployments. I'm now back to just 2 subscriptions and 2 deployments and it's coping. I'm going to increase this now to include the Singapore site so that I can test the overhead.

It may very well be faster overall but because the CPU load is so high, the machine become unusable to check. But since the hickup of yesterday that seem to have free'd it up a bit, I'm going to introduce more and see what happens. At the same time, I'm reducing the EMLib updates so there's never more CID's than before.

I'll report back (probably after the weekend now as it'll possibly take that long to deploy initially).

Matt

Yet another thought that might be relevant to the discussion of slow links:

The update done if you select an 'Update Now' or reconfigure a SUM is rather more careful about validating everything than the normal updates done by SUM. This is so that many updating problems (for instance due to corruption or tampering) can be fixed by selecting update now from SEC.

However, in the case of slow links this has the side-effect of causing a detailed check of the files in the CID, which could indeed by painful. If this is causing significant problems, we may have to look at adding more configuration options for this.

There is a third option to using remote CIDs or child SUMs: make the primary SUM files available from a web server, configure the endpoints to update via http from this, and add a standard caching proxy at the branch office. Many of our larger customers use this scheme, particularly as the branch offices often have proxies already. There are a few downsides to this though: SEC doesn't handle the association of endpoints with http locations seamlessly (we hope to improve this), it involves some extra infrastructure deployment, and endpoint updating can take a little longer.

Cheers,

John Reynolds

John,

HTTP access; this maybe a better idea and I can see how I could implement that. At the moment, my config has update from local CID as primary and secondary via our primary website which has a WebCID. The idea here is that they update from a local CID when in the office and when they go out with a laptop, they update from our webCID. I could change that so that they update from the webCID with proxy for primary and webCID without proxy for secondary. That might then enable me to stop deploying remotely.

On the downside, initial deployment would be painful as now there's no local source so the entire package would be brought in over HTTP (probably not that bad though). HTTP access with no UNC or VPN overhead gets a solid 300-400Kbps rate from SIngapore to our websit so probably very acceptable. So my initial 'protect' from HQ might take a while which I'd be faced with rather thank just click the setup in the local CID folder.

I'll configure a group and drop a couple of users into it and see what happens.

Thanks John,

Matt