Hi,
I know GUP is a regularly asked about topic so I appologise in advance for adding to it. However I feel the Symantec documentation just doesnt seem to clearly answer exactly how it works, at least for someone with zero experience in configuring GUP's.
I work from a Head Office so to speak and I have ~2000 endpoint clients. We have about 100 remote sites each with their own subnet (192.168.X.0/24).
I have created groups for every physical location with their own subnet and all clients are sorted into those groups.
I would like to setup a GUP at each of these sites. I have read many many pages on the symantec articles etc which has gave me a bit of understanding on how it all works (basically). However I do have a number of questions on how to best approach this before I start to play around with it.
- I want to make sure that ALL endpoint clients within a specific subnet ONLY contact the GUP within that subnet regardless of what group they are in (some staff travel to other sites for various reasons, training, etc).
- I want to make sure that under no circumstances do any endpoint clients contact any GUP other than the one within its subnet and if unavailable, go to SEPM then LiveUpdate.
- I assume I should be able to use the 1 LU policy for all the groups for the purpose of defining which endpoint client becomes the GUP using the Multiple Group Update Providers option and defining an array of wildcarded hostnames + OS that I believe fit for the task of being a GUP. Is this correct?
If so, would there be any reason why I would need a seperate LU policy for each remote site (group) based on my requirements in the above two questions? - When reading GUP documentation http://www.symantec.com/business/support/index?page=content&id=HOWTO80957 I came across the following:
"You can configure an explicit list of Group Update Providers that clients can use to connect to Group Update Providers that are on subnets other than the client's subnet. Clients that change location frequently can then roam to the closest Group Update Provider on the list."
I understand this as any group with this policy can access whatever GUP's I put in that list, allowing me to restrict what groups can access different GUP's. Handy however not required for us as I would prefer any user from any group be able to use any GUP on any subnet but ONLY when it currently resides in that subnet. My question is this though, do I add every site's GUP to that list? Or is there no need for this with the requirements I outlined above in Question 1 and 2? The other part of this question is this; if any are added to this list, is the rule of not using another subnet's GUP enforced?
Basically, we have a number of sites with poor internet connections (some around 1mbit) and the purpose of doing the GUP rollout is to reduce bandwidth use at their location. The LAST thing I need is other clients from other subnets sucking up their only bandwidth.
Any advice on how to best approach this would be greatly appreciated. I just dont think the symantec documentation covers this topic of preventing communication between client endpoint subnets.
Thanks