This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Roaming Laptop Options?

Hi all,

Just wondering what Sophos offer when it comes to business laptop users that roam from site to site and there laptop requires virus definitions update - is there a solution where the client is intelligent enough (example assigned an IP address from an office) that the client knows to go to the nearest parent server for its updates so its does pull virus definitions across the WAN?

For example - we will have a dedicated server/PC on small, medium and large sites that the clients could go to local to pull down the virus definitions to save WAN performance being reduced.

Cheers,

Anthony

:420


This thread was automatically locked due to age.
  • Intelligent clients - that's asking too much :smileywink:

    Now I'm not sure I understand your objection to updates over WAN. Are you concerned about the time it takes for a client to get the updates? Clients updating from an on-site server wont save much bandwidth (if at all) unless there are many roaming clients - the server in turn needs bandwidth for fetching the updates from Sophos.

    I assume all the sites are "yours" but more or less independent (otherwise skip the rest).

    Usually the updating policies use a name to identify the server - whether UNC or http. If your update servers have the same name then the clients will automatically connect to the "local" server. Of course all the servers should be up to date otherwise you might encounter clients downgrading their installation.

    -OR-

    If you are using private IP addresses at your sites use the same address and specify  an address instead of a name in the policy.

    Leaves the problem of management. If the sites and servers are independent setting up a central management for these clients would be ... forget it, too much pain (if possible at all, would probably require some black magic and be unsupported). But with some hacking it might be possible that the clients not only download from the on-site server but also report to it (and accept policies from it). Caveat: when trying this make **bleep** sure that your policies are "in sync".

    And if the above doesn't make sense - please forgive, it's Friday afternoon

    Christian

    :421
  • G'day!

    In an Active Directory environment, I've had sucess in using Microsoft DFS Namespaces to collectivly group shares across an organisation which contain the same content.  With these in place, I use Sophos Update Manager to keep the CIDs updated, and the clients will work out through the magic of DFS where to go to get their update data.

    Please, DO NOT use DFS Replication for CIDs as this is unsupported and will cause issues with the CIDs.

    Cheers

    :432

    ==

    When in doubt, Script it out.

  • Hi Anthony,

    Solution to your problem can be vary simple if you have DHCP / DNS server on each location.

    In this case just create DNS record on each location (sophos.myorg.local) pointing to Sophos update server for this location. In update profile set "sophos.myorg.local" as primary location and here you have it. As users roam they will get different DNS server for each location (via DHCP) and this DNS will point them to local update server.

    How you will sync the CIDs this is something different but I presume server on each location will populate CIDs from your central server.

    Igor

    :433