This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network overrun by update SAV 10.7.2

Hi all ,

 

i have experience with my network , hin is in down because lot of client begin updating the new version ( SAV 10.7.2).

 

How do you set up the update policy ? My network is not bigger. We have more or less 700 computers.

 

Please some idea ??

 

Thanks so much.

 

 



This thread was automatically locked due to age.
  • Hello cristianodias,

    which product line - 10.7.2 suggests the Preview subscription of the on-premise, SEC managed SESC? As the endpoints are updating locally via UNC or HTTP there'll be noticeable traffic, it's less than 150MB per endpoint though. It's probably too late for this update but you could prepare for next time. SEC warns about upcoming larger updates - it looks like you're using Preview though. Is this so, and if - why?

    If bandwidth is actually a concern you can limit it in the updating policy. Another option is to stage updating by using different policies with different subscriptions. 

    Christian

  • Hi Christian ,

    Thanks so much for your answer.

    My product is SEC.

    The endpoint are updating locally via UNC.

    Primary Server

    Second Server

     I using Preview for anticipate the updates, but I thinks is not the good practice??

    The option to limit updating policy is one good solution? How to make the big enterprises? For example if you have 5.000 endpoints??

    If you use different policies with different subscriptions how to make do ? why different subscriptions? Because we need the same version for all endpoints.

    Thanks so much mister !!!

    Best regards ,

     

     

    Updating.pdf

  • Hello cristianodias,

    Preview is a version which is at some times "ahead" of Recommended. Not long ago Recommended was 10.6.3 and Preview 10.6.4 (which added some functionality). Lately 10.6.4 was rolled out for Recommended and soon after 10.7.2 for Preview. You might want to read Sophos subscriptions, packages, and product versions - FAQs. Please note that Preview is not for receiving notifications about upcoming updates, what's more while you get notifications for significant changes to Recommended you won't get any for Preview.

    I happen to have 5000+ endpoints, updating interval 10 minutes, so quite a lot updates happen at the same time. Naturally it depends on the network, its topology, and last but not least your server(s) whether this causes an unacceptable traffic or not. If bandwidth limiting in the policy works as advertised and you set it to the maximum 512kb/s it'll take (if my math is correct) one and a half (1.5!) hours to download the full product. 200 endpoints updating with 512kb/s will of course max out a 100Mb/s link.

    different subscriptions - we need the same version
    it doesn't make much difference when the endpoints are successively upgrading - normally there's no need for the same version. If your endpoints are in groups of reasonable size (say, not more than 100 per group) you can limit the number of endpoints which upgrade at the same time. You need an additional subscription (Subscription in terms of SEC, not a license) to have both versions available on your server.

    Christian

    BTW: The checkbox above the Post button is Suggest as an answer - meaning: I think what I have posted is an answer. It's not Suggest an answer - meaning: Please tell me a solution to my question.

  • Hi Christian ,

    thanks again !:)

    1 - Then is more better work with Recommended ?

    2 - My topology of network i have different subnets with diferent bandwidth , no all that same bandwidth. You have a 5000+ endpoints and all computers happen at the same time ?? Jesus , your network is very fast no ??

    3 - Why not recommend use group with more 100 computers ?

    4 - I have thow subscription , one recommended and another preview. But i think is important all endpoint working the same version no ?

    Thanks so much,

    Cristiano

     

     

  • Hi Christian ,

    your 5000+ endpoint with stay connect ? in the same network or in different network ? all endpoints upload in the same Server UNC ?? Or you have different UNCs ??

    My backbone of macronlan is 50Mb.

    Thanks again.

    Best Regards

    Cristiano

     

     

     

     

     

  • Hello Cristiano,

    backbone has don't-ask-me-how-many Gb (a significant portion of our endpoints has already Gb connectivity), about 3000 endpoints download (not all online at the same time though) from one server, the rest from a second one which also hosts the WebCID.

    The 100 computers was just an estimate (throttled downloads with 0.5Mb per endpoint will amount to 50Mb). Any number which wouldn't overload the network.

    As said, it's not essential that all endpoints upgrade on the same day.

    Additional UNC locations (with "child" SUMs) would be another option if you have servers with free resources in the appropriate locations.

    Christian

  • Hello Chistian ,

     

    this is my question " As said, it's not essential that all endpoints upgrade on the same day." How do you do for all endpoints don`t upgrade on same day ?

    Because the police don´t allow to program by day or by hour.

    How do i schedule it on different days ?

    The police of update have only on option: update on x minutes.... but don´t have schedule by day... :(

    I would like to schedule all my groups on different dates for upgrade , but i don´t know.

    Thanks.

     

  • Hello Cristiano,

    basically you'd have two updating policies, one (R) for subscription Recommended and one (P) for Preview. Normally all groups use (R), once you decide to upgrade assign (P) to one or more groups, repeat until all have (P). When the preview version is rolled out in recommended set all groups to use again (R). Actually you'd better do this with Previous Recommended and Recommended. You can't automate this though.
    Instead of (re-)assigning policies you could give each group its own updating policy. Instead of assigning policies you'd then select the appropriate subscription in the applicable policy.

    With additional SUMs you could schedule when the SUM checks for software updates. Thus endpoints updating from different SUMs would implicitly upgrade at different times.

    Christian

  • Hello Christian , how can i create different SUMs ?

    Thanks.

    Cristiano

  • Hello Cristiano,

    please see the How to install ... article.

    Christian