This discussion has been locked.

Changing Update Manager Server

Is there a way, outside of the Enterprise Console, to control what Update Manager server a client uses after the agent is installed (i.e. group policy)?

We apply our group policies at the site level using AD Sites and Services, and our OU structure is not configured based upon sites; so creating groups in the SEC would be a very difficult task for over 15,000+ clients.

Thanks,

Tim

  • Hello Tim,

    I don't know how familiar you are with the concepts of SEC and what you've already been told. Let me mention a few things.

    As I said the groups are the basis for policy assignment. You need them if you want or have to apply different policies. You also need groups if you want to use Roles and Sub-estates (which is probably a good idea). Back in SEC3.1 it was recommended that a group should contain no more than 1000 clients but I don't know whether this is still true.

    Another point to consider is the number of network connections on your management server. Message relays can reduce the number of concurrent connections.

    As your main problem is to set up a group structure and get the clients into it, using Protect computers is out of the question. Well, what would I do?

    1. Start with the SUMs (and configure them as message relays). Create a group for each SUM (e.g. SUMSitenn) under the root, create and assign the appropriate policies, and move the SUMs to their group.
    2. Use GPOs (or an equivalent method which you can apply on the site-level) to install Sophos on the clients. This could be a simple script to install from the correct CID or a package. Specify the -G parameter on setup.exe with the desired group (e.g. \\YOURSERVER\SUMSite01 - it is case sensitive). As clients install they will be moved to the correct group for future management.
    3. Create subgroups and move the clients as necessary.   

    Hmm, almost sounds too easy. "Is there a way, outside of the Enterprise Console, to control what Update Manager server a client uses after the agent is installed?" As outlined above, you make the settings before install. Even if you mess up with the -G parameter you can later "mass move" them to their groups as they should report their update location to SEC (which is the initial install directory). You can sort them by update location (well, you'll probably not install all of them at once), select and drag.

    HTH

    Christian
