Optimize gradually Update Endpoint Upgrade

Hello stvoglio,

we update the AV Subscription manually every time its released

you mean you (on behalf of your customer) use a fixed version, somehow get to know there's a new one and over the weekend switch to it? Bet the locations with a bad connection are also the ones where WOL doesn't work. Why - BTW - manually? Because of the bandwidth issues? Or is there another reason?

update from some machine

... which would preferably act as an update manager. Or have you already considered and dismissed this?

Christian

Hi Christian!

Thank you for your answer. 

No we don't update every single Update just the Software Subscription. 

So we go on Update Managers, Add SoftwareSubscription... etc. The Main Reason we do it manually is that we have to Test the new Subscriptions always for 2 Weeks in a Testenviroment before we update the Poliy for the rest of the clients.

The thing  with the Update Manager is that a lot of our customers offices don't have a Server where we can install the Update Manager (NAS Devices as Fileserver). And installing it on a productive Windows PC is an absolute nogo

Hello stvoglio,

:smileytongue: scusi, SLMO tali test sono ampiamente sopravvalutati :smileyvery-happy: - but that's a different topic.

If additional SUMs (which, BTW, do not have to run on a server - but you seem to be aware of this -, don't have to act as file server - the actual CID could be on the NAS -, and furthermore can be instructed to check for software updates just at a specific time on a certain day of the week or even only when manually instructed to do so) are not feasible then you could mirror the appropriate CID to the NAS. 

Guess message relays are not used for managing the endpoints, are they? And do the endpoints update via SMB/NetBIOS or HTTP?

Christian

Hi Christian. 

Ok so let me get this clear. 

Basically you are saying I should create on the NAS Devices a Share on which I can mirror the Updates from our Server (so far so good). 

But do I have to create for every singe office with a NAS a updating policy and then go through those policies every time a new subscription comes out to select the new engine? 

And how do the clients update from the NAS if the SUM Service is missing? 

Thank you

Hello stvoglio,

guess the NAS servers have different names at different site so each site would have to have its own policy. If you update all sites on the same weekend it's better not to change the subscription in the policy but to change the subscribed product in the subscription. Say you have two subscriptions, Production and Test. Both are set to SESC 10.3.12. You have two corresponding CIDs on the server. Your updating policies are SiteA, SiteB and so on (pointing to the local NAS but all using the Production subscription), and Test. When 10.4.1 or whatever comes out you change the Test subscription to this product version.The server deploys the new version to the Test CID and the test endpoints update. Once you are finished you just change the product version in the Production subscription. The server will update this CID, the NAS servers will mirror it and the production clients will update with the new version.

A SUM is just a tool to download updates directly or indirectly from Sophos, verify the validity and integrity, and deploy them to the CID in a structure exepcted by AutoUpdate. AutoUpdate on the endpoints just reads a folder's contents from the update location - whether it's a network share, some removable medium, or a local folder doesn't matter at all. 

Christian 

Ooooh Christian... that sounds like a plan that could work :)

I didn't know that it is possible for the workstation to update from a device that doesn't have SUM installed. 

Ok last question. In the schedule menu of the Update Manager

"Software updating" is responsible for the subscription update right? So I have to schedule that to update it only during night time.

Edit: and is there somewhere a Log where I can controll if a mirroring on some shares didn't succeed? 

Hi Christian,

So you are saying I should define a Rule on our NAS that does a pull from the server and not link the NAS Share in the Update Manager configuration under "Distribution Tap" -> Update to -> \\NAS\Share ?

I think what you want to tell me is that I can define on the NAS the Pull Intervall while the push from the server to the share can't be configured right?