About Group Update Providers
Group Update Providers (also know as GUPs) can be used in networks to distribute content updates. Clients will still need a Symantec Endpoint Protection Manager to connect to. The Manager is what informs the client that it should download new content from the Group Update Provider. The Manager is also responsible for distributing policies and collecting logs from the client.
For improved bandwidth, implement a Group Update Provider on an "always-on" machine running a Server OS (such as a Windows File server).
For remote sites with less than 10 machines, it may make most sense to have the local SEP clients connect directly to their SEPM for content updates or to Symantec Liveupdate on the internet.
When there are over 50 machines at the remote site, it advisable to install 1-2 GUPs to handle content distribution, while the clients are managed with a SEPM physically located at another office.
Group Update Provider As "Secondary Server"
The most significant load on the Manager comes from distributing content. GUPs can be used to supplement or replace a SEPM for distributing content updates to SEP clients. Rather than each of your branch clients connecting to the main office SEPM, it receives its updates from the Group Update Provider.
GUPs cannot be used to update policies or manage clients. This means that clients will still need network connectivity to a SEPM in order to perform the heartbeat process, which updates their policies, and informs them when new content is available to download from the GUP.
3. Configuration of Endpoint Protection
Organize Branch Offices by Group
Using this organization method will allow you to configure settings specific to each branch location. This will improve the performance of content distribution significantly, and greatly reduce the load on the server.
Use a Group Update Provider in Every Group
It is recommended that a GUP be on the same network segment as all clients configured to update from the GUP. Though bandwidth usage can be significantly reduced by using GUPs strategically, it is still important to ensure that GUPs are positioned in the network to maximize their effectiveness. GUPs should only be configured to provide updates to for clients on their local network segment. The GUP must have sufficient bandwidth to deliver content packages of up to 45 MB to the clients it serves up to 3 times a day.
Disable Policy Inheritance for Branch Office Groups
You must disable policy inheritance on the groups that will be using the GUP functionality of the Symantec Endpoint Protection software. If you have policy inheritance enabled on the groups that the GUP's were configured on they will revert back to the GUP configured for the Global group.
Click on the "Clients" tab.
Click on the name of the group.
Click on the "Policies" tab.
Under "Policy Inheritance" uncheck "Inherit policy and settings from parent group '<Group Name>'."
Configure Branch Groups for Pull Mode with Optimal Heartbeat
Endpoint Protection by default is set in "Push" mode. You should switch your branch offices to "Pull" mode. Clients that use the Pull mode download policies and content based on the Heartbeat interval setting, which is set to 5 minutes by default. Even in slower bandwidth environments, the heartbeat can be as frequent as every hour.
Click on the "Clients" tab.
Click on the name of the group.
Click on the "Policies" tab.
Under "Location-independent Policies and Settings" click on "communication settings".
Under "Download" check "Pull Mode"
Under "Heartbeat Interval" enter in a more convenient heartbeat. The default is 5 minutes.
Configure Log size
Configure Throttling
Group Update Provider (GUP) bandwidth throttling was introduced in SEP 11.0 MR4. Please refer to the following document for configuration instructions.
'How to configure GUP bandwidth throttling in Symantec Endpoint Protection 11.0 MR4?'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008121722041748?Open&seg=ent
Click on the "Clients" tab.
Click on the name of the group.
Click on the "Policies" tab.
Under "Location-independent Policies and Settings" click on "client log settings".
Adjust log settings if necessary.
.