10 January 2011

Optimise Sophos software update deployment configuration and schedule Part II

In Part I of this series we discussed what we want and what the basic update architecture is.  In Part II we will address the Enterprise Console and the SUM configuration.

Subscription Configuration
To add a Software subscription is important if you want more static control over your software updates.  Also, only subscribed packages will be available for the SUMs to choose from.  This also governs what subscriptions can be specified in the updating policy.


In the green outlined section you can see that there are not only major version available to choose form but also lower increments.  By default the Recommended option is the most up to date as soon as it is available subscription.  This is a good one to have but you might just want to throttle back to software updates, you can do this by selecting one of the minor versions, like 9.5.4 VDL4.61G  by default this will then be updates as soon as it is too far out of date.  The problem is that you are then three months behind in the software updates.

SUM configuration
Once the Enterprise console has been updated with the available subscriptions these will now be available for the SUMS to use.  One of the tabs in the SUM configuration is Schedule.  Here is were we can get quite a bit of control.


Here is the part where you can differentiate between definition software updating.  The green section is definitions and you would want these to update often.  The red section if for the bigger software updates.  By default the SUM is set to check for these every 60 minutes.  In the image you can see that I have created my own schedule.  This allows you more control as to when you want to update the SUM. This is critical since once the SUM has been updated the endpoint will pull down ALL the latest updates available including the software updates.


In this example is specify for the sum to only check for and update software update on Saturdays between 9PM and 11PM.  This way I know that software updates on the clients will only start once a month on a Saturday after 9PM.  That has already given us loads more control.

In a previous article I explain how to use IIS for your CID to further give more control over the amount of sessions and the bandwidth limiting that can be done.  http://fixmyitsystem.blogspot.com/2010/11/using-sophos-update-managers-and-iis.html

No comments:

Post a Comment