
Client update causes 200 MB traffic per Client - is there no incremental update possible?

hi there.

we're using Sophos Complete Security Suite with centralized update manager and >1000 clients spread in our country. i believe there must be a chance to let them update their virus signatures incrementally. atm every single client causes a traffic of about 200 MB which bursts our company connection to the other branches.

sadly, setting up one update manager in every branch is not an option. how can we reduce the traffic to every single client?

:56891


This thread was automatically locked due to age.
  • Hello hgms,

    let them update their virus signatures incrementally

    this is done throughout the day (called threat detection data, the .IDEs in the AV directory). From time to time these "individual" updates have to be consolidated and pruned (the .VDBs), thus every month or so there's a major update which delivers a larger amount of data. Furthermore engine updates and updates to other components (AutoUpdate and RMS) result in a larger download (but they are infrequent - and this month the VDBs and the software updates were in separate updates, nevertheless as they happen at the same time for all endpoints they can generate a significant amount of traffic).

    setting up one update manager in every branch is not an option

    Why? What speaks against it? Depending on the number of endpoints a SUM doesn't even need to run on a server OS. While there are (rather tedious) ways to spread the traffic you can only reduce it if you let the branch endpoints update locally.

    Christian 

    :56892
  • ty QC, this is what I feared.

    one SUM-machine per branch is not an option because most of the branches completely shut down the power at night. more than 50 branches are connected to company connect network, VPN or MPLS to our centralized server farm. installing SUM on one client per branch might be ok, but just with a bunch of rework in our set of rules. i will try that with some sites ...

    :56948
  • Hello hgms,

    most of the branches completely shut down the power at night

    that's not a real problem for SUM. It adds some latency, the endpoints might not receive the latest updates on the first update attempt but with a frequent update schedule the additional exposure is minimal. The larger (aka Software) updates can be scheduled for specific weekday/time combinations.

    Adding the SUMs is some effort - OTOH it's a one time effort. Didn't have to touch (as far as Sophos software is concerned) any additional SUM after it had been installed (years ago). Then there are of course the updating policies. If you have a segmented DNS (i.e. branch specific entries) the use of CNAMEs could make things easier.

    Christian

    :56949