bluespringsit

Symantec Live Update vs. Virus Definition Manager

I'm trying to understand how LiveUpdate functions on the network. I have a primary server, then several groups that contain the workstations and servers. On the server, under Virus Definition Manager, I have the server set to "Update the primary server of this server group only". The clients are set to update from their parent server. The clients are divided into several different groups, but they all have the same Primary server, which is not in any of the groups. What I don't understand is what it says on that same tab, under "how clients retrieve virus definition updates". It says "ServerA Clients (Not in Groups)".

The second part of my confusion is where Live Update comes in. Does Live Update handle virus definitions as well, or just product updates? How is Live Update used in conjunction with Virus Definition Manager?

I realize that this is a long-winded question which probably calls for a long-winded answer, so I will award points accordingly. I'm really trying to get a clear picture of how Live Update fits into the picture, or if it's even needed if you were just concerned with virus definitions.

The desired end result is to have all clients, in the various groups, download definitions and updates from the parent server. I'd like to make the laptops aware of their location, and use Symantec's server to download definitions if outside of my network. This is how I arrived at Live Update and its host files, etc.

I'm running Symantec Antivirus Corp 10.0. Currently the virus defs are updating without any problem, but I can't tell if the clients are getting them from the primary server or the internet. I also don't know if Live Update is distributing the defs or not. I apologize in advance for the rookie question. I have read the manuals but I'm still confused.

There are actually updates beyond .1007. I'm not sure what I am running right now, as I can't seem to connect to my VPN at the moment (will have to check that in the morning).

Live Update will get you the def updates, and all application updates.

If you use VDTM (Virus Def Transfer Mode, parent server gets update and passes it down) you will only get minor product updates and not the major ones, as well as def updates.

The best solution is to use a combination of VDTM and LiveUpdate. You could do this by either allowing your systems to contact the Symantec LiveUpdate servers (this is an option in the client config in the System Center) or configuring your own internal LiveUpdate server.

I'm sorry, but I'm not sure exactly what you are looking for in clearing up my earlier answer. Please tell me what I can clarify for you and I will do my best, but for now this may help:


                 SYMANTEC LIVEUPDATE SERVERS
                              |
                        PARENT SERVER
                       /             \
        SECONDARY SERVER             SECONDARY SERVER
        /      |      \              /      |      \
  CLIENTS  CLIENTS  CLIENTS    CLIENTS  CLIENTS  CLIENTS


Basically, each system gets its updates from the server above it in the chain (if you use VDTM).

Any system with internet access can access liveupdate and you can set the schedule for liveupdate on your clients in the system center.
MarkDozier

dang laptop

Intelligent Updater is a manual virus definition updater and should, as eb pointed out, never be used on an ANTIVIRUS server.

If you have the A/V client installed as a MANAGED client, the updates are pushed down from the network A/V server to the client. The network A/V server pulls the update from the Symantec A/V server on the internet. There are options in the A/V server setup to control when this happens.

If you have the A/V client installed as an UNMANAGED client, then Live Update is active. Note I said "active" and not "installed", as Live Update is installed as part of the Symantec install. The Live Update button is lighted when the client is unmanaged. The unmanaged client connects to the internet and downloads A/V updates. This should be done as a weekly routine.
Unmanaged clients, as eb mentioned, are usually used on laptops or machines that are not connected to the network by a direct connection.

The Primary server should be thought of as the internet connection and download point for A/V updates (defs and software).
Drawing a picture may help you figure out what is happening.

Primary Server
      Group Server (point to primary server)
          Group members (point to group server)

So the Primary downloads the updates, pushes to the Group servers, and they in turn push the updates to the clients.

That should help. By the way, if you don't have a support contract, get one. I have one and to me it is worth every cent.
> Intelligent Updater is a manual virus definition updater and should, as eb pointed out, never be used on an ANTIVIRUS server

Correction: you can use Intelligent Updater. There are 2 types:
the .exe: NEVER USE ON A SERVER
and the .xdb: this can be used on a server (instructions can be found on Symantec's site).

> By the way, if you don't have a support contract, get one. I have one and to me it is worth every cent.

I love my support contract and I only have Gold. If you can get Platinum, get it; then you can call your TAM (Technical Account Manager) 24X7 for these kinds of questions.
bluespringsit

ASKER

First off, thank you both for help on this. I apologize for not getting back to you earlier. Here's how I have the Symantec hierarchy designed at the moment.

-System Hierarchy
  -CBS (Stands for City Blue Springs)
     -Groups
          -Servers
          -Workstations
          -Laptops
  -CBSGIS (my server name)

I have one Parent server which is set to pull its updates from Symantec Liveupdate Server.
Under the Virus Definition Manager option for this server, I have "Update Primary Server of this group only" selected, and "Schedule clients for automatic updates using LiveUpdate". "Download Product Updates using LiveUpdate" is also selected.

On each group folder I have the Liveupdate configuration set to the internal server (CBSGIS). Under Virus Definition Manager I have it set to download products using Liveupdate, and the Update virus definitions from parent server is not selected. This, I believe, is how you make sure the updates are being pulled down via Liveupdate and not Intelligent Updater.

So, the virus definitions are updating successfully on the network. Here's my first question. When you open the Symantec client on a computer, you can see the parent server listed. From what I can see, however, there is no way to verify that the client is using LiveUpdate or Intelligent Updater to pull its defs from the parent server.

Additionally, I have manually installed the 10.0.2.2000 update to Symantec 10.0 on the parent server and one of my DCs. I've also set, through LUAdmin, to download defs and product updates for Symantec Antivirus Corporate Edition. I waited overnight, and all of the clients are still showing 10.0.1.100 for the version number. Thank you both again for your help so far. Any additional help on these last two items would again be appreciated.