cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

ePO 4.5 Global Updating

Jump to solution

I am running ePO 4.5 and I have a question RE global updating. Currently Global Updaing is disabled and we are not using Super Agent.We have 17 distributed repositories and I need to know what is the risk turning on Global Updating. Do I really need to turn on?, what is the risk?

Distributed Repositories get their update through repository replication task.

ePO 4.5

MA 4.5

VSE 8.5 w 8

        8.7 w 3

I appreciate your advice.

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: ePO 4.5 Global Updating

Jump to solution

First lets explain exactly how global updating works. A global update is triggered when one of the items tagged to trigger a global update is checked into the master repository. For example if you have DAT checked on the global updating configuration page (menu | configuration | server settings | global updating | edit) when a DAT file is checked into the master repository it will trigger a global update. A repository pull for example would check a DAT file into the master repository or you could do it manually. Once a global update is triggered it sets in motion the following chain of events:

  1. Starts a repository replication to all distributed repositories
  2. Sends a super agent wakeup call to all super agents
  3. Super agents that receive the super agent wakeup call send out a broadcast call. This is the purpose of a super agent that is not a super agent repository, to propagate the broadcast call to all network segments; however, you do not have to deploy a super agent to every network segment for global updating to work (see step 5).
  4. Agent which receives the broadcast call will trigger a one-click update*
  5. All client machines are flagged on the ePO side to run a one-click update the next time they communicate with the ePO server. This means that within roughly one hour (the default agent-to-server communication interval) of triggering a global update all clients should have completed a one-click update.

* A one-click update is not a selective update. Any agent that triggers this type of update task will apply any update if finds in whatever repository it connects to for any product it has currently installed. This is a possible risk depending on your objective. If you have a patch for example checked into the current branch of your master repository that you do not want deployed to all client machines then global updating is not for you. You could however check patches into the evaluation branch and test them out and then move them to the current branch when you are ready for a mass deployment.

So here would be the risks:

  • Premature deployment of updates (see one-click update above).
  • 'Unexpected WAN/LAN congestion. If you rely strictly on server tasks for your repository replication and client tasks for your client updates you can control carefully exactly when these events occur (perhaps after hours when your WAN has very little traffic). A global update is event driven so if something gets checked into your repository (a DAT, a patch for VSE, etc) that triggers a global update you can suddenly have repository replication and client update tasks running when you did not intend them to.
As far as whether you should or should not turn it on it really depends on your environment and your goals.
I hope that helps!

Message was edited by: Jeremy Stanley on 5/27/10 9:04:43 PM CDT

View solution in original post

2 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: ePO 4.5 Global Updating

Jump to solution

First lets explain exactly how global updating works. A global update is triggered when one of the items tagged to trigger a global update is checked into the master repository. For example if you have DAT checked on the global updating configuration page (menu | configuration | server settings | global updating | edit) when a DAT file is checked into the master repository it will trigger a global update. A repository pull for example would check a DAT file into the master repository or you could do it manually. Once a global update is triggered it sets in motion the following chain of events:

  1. Starts a repository replication to all distributed repositories
  2. Sends a super agent wakeup call to all super agents
  3. Super agents that receive the super agent wakeup call send out a broadcast call. This is the purpose of a super agent that is not a super agent repository, to propagate the broadcast call to all network segments; however, you do not have to deploy a super agent to every network segment for global updating to work (see step 5).
  4. Agent which receives the broadcast call will trigger a one-click update*
  5. All client machines are flagged on the ePO side to run a one-click update the next time they communicate with the ePO server. This means that within roughly one hour (the default agent-to-server communication interval) of triggering a global update all clients should have completed a one-click update.

* A one-click update is not a selective update. Any agent that triggers this type of update task will apply any update if finds in whatever repository it connects to for any product it has currently installed. This is a possible risk depending on your objective. If you have a patch for example checked into the current branch of your master repository that you do not want deployed to all client machines then global updating is not for you. You could however check patches into the evaluation branch and test them out and then move them to the current branch when you are ready for a mass deployment.

So here would be the risks:

  • Premature deployment of updates (see one-click update above).
  • 'Unexpected WAN/LAN congestion. If you rely strictly on server tasks for your repository replication and client tasks for your client updates you can control carefully exactly when these events occur (perhaps after hours when your WAN has very little traffic). A global update is event driven so if something gets checked into your repository (a DAT, a patch for VSE, etc) that triggers a global update you can suddenly have repository replication and client update tasks running when you did not intend them to.
As far as whether you should or should not turn it on it really depends on your environment and your goals.
I hope that helps!

Message was edited by: Jeremy Stanley on 5/27/10 9:04:43 PM CDT

View solution in original post

Highlighted

Re: ePO 4.5 Global Updating

Jump to solution

Jeremy,

Thanks for your time and effort to explain this. We are currently using Repository replication server task for all my distributed repositories so I guess global updating might not be necessary for our environment.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community