Change update location based on subnet

Hi,

So you're saying that you can't define an updating policy per site for these machines in SEC?

So in SEC you can't have:

|-SiteA
|-----Servers
       [SUM ServerA]  (I assume this is used by SUS as well?)

|-----Clients  

      Client1, Client2,  Client3, etc...

|-SiteB

|-----Servers

       [SUM ServerB]  (I assume this is used by SUS as well?)

|-----Clients  

      Client1, Client2,  Client3, etc...

Have a SUM at SiteA and SiteB pushing a distribution point locally to the server.  Then in SEC have 2 updating polices;  E.g. called SiteA and SiteB where you configure the location?

Just to confirm really.

Is DNS hacks at a site level possible?

So in the policy you define:  \\Server\SophosUpdate.....  Which is what all clients look for.

The clients at each site then resolve "Server" to the actual local "Server" name?

If you fiddle with iconn.cfg to set the location you will end up with computers showing differs from policy.

The other option that might be of use is to use the "Allow location roaming" option in the updating policy but this is really for computers that move between sites where there are a number at each site that are fixed.  In this method as long as the clients use the same subscription it will work so they have to be part of the same SEC infrastructure.  When the client moves to the other site, it will "find out" from other clients where they update from, and as long as they are using the same subscription the "roaming" client will then use the same location which is likely to be local to the site.  This doesn't seem quite what you're after as it does require a number of computers to be updating from the local site already.  It also doesn't guaratee anything as is more of a bonus when it works to save clients that move updating from their original location which could be the other side of the world for example.

Regards,

Jak

Hi,

So you're saying that you can't define an updating policy per site for these machines in SEC?

So in SEC you can't have:

|-SiteA
|-----Servers
       [SUM ServerA]  (I assume this is used by SUS as well?)

|-----Clients  

      Client1, Client2,  Client3, etc...

|-SiteB

|-----Servers

       [SUM ServerB]  (I assume this is used by SUS as well?)

|-----Clients  

      Client1, Client2,  Client3, etc...

Have a SUM at SiteA and SiteB pushing a distribution point locally to the server.  Then in SEC have 2 updating polices;  E.g. called SiteA and SiteB where you configure the location?

Just to confirm really.

Is DNS hacks at a site level possible?

So in the policy you define:  \\Server\SophosUpdate.....  Which is what all clients look for.

The clients at each site then resolve "Server" to the actual local "Server" name?

If you fiddle with iconn.cfg to set the location you will end up with computers showing differs from policy.

The other option that might be of use is to use the "Allow location roaming" option in the updating policy but this is really for computers that move between sites where there are a number at each site that are fixed.  In this method as long as the clients use the same subscription it will work so they have to be part of the same SEC infrastructure.  When the client moves to the other site, it will "find out" from other clients where they update from, and as long as they are using the same subscription the "roaming" client will then use the same location which is likely to be local to the site.  This doesn't seem quite what you're after as it does require a number of computers to be updating from the local site already.  It also doesn't guaratee anything as is more of a bonus when it works to save clients that move updating from their original location which could be the other side of the world for example.

Regards,

Jak