9 Replies Latest reply on Jul 22, 2010 12:30 PM by tesdall

    Help WIth  Repositories

      Our organization has a few servers over at different locations. Each location has a different subnet.

       

      Lets say HQ has 10.0.1.0

      Texas has 10.0.2.0

      MO has 10.0.3.0

       

      They are on a Ethernet Backbone so I have HOPs. I just did a trace route from 10.0.1 to 10.0.2 and it was 8 hops away.

       

      How can I keep the people in Texas from going to MO's server? Since this is a virtual star network I don't want double the traffic on my wan. Or haw can I make them come back to HQ or go to the Internet if they don't find a repository on their subnet?

       

      Names and Places have been made up to protecte the inocent.

        • 1. Re: Help WIth  Repositories
          jstanley

          The best way to guarantee that agents will not attempt to update from undesirable repositories is to modify your agent policy to use a User Defined repository list. This will only be practal if your EPO server's system tree is organized by geographic location.

           

          So lets assume that all machines in Texas are in a group inside EPO called Texas. To make the change do this:

          1. Logon to the EPO console
          2. Navigate to the Texas group | Assigned Policies
          3. Create a new agent policy for this group and edit it
          4. Click on the Repositories tab of the agent policy. This section of the agent policy controls what repositories the agent can use and how it selects them.
          5. Select Use order in repository list.
          6. Order the repositories in the list appropriatly.
          7. Disable any repository that you do not want the agents in the Texas group to use under any circumstance and save the policy.
          • 2. Re: Help WIth  Repositories

            what your saying is i need to make 13 different list for 13 different groups to use the correct repository? kind of seems silly.

            • 3. Re: Help WIth  Repositories
              Sk1dMARK

              Using your case, I think you would only need 3.  You need one policy per repository assignment.

               

              For example, you could create an HQ repository policy that has a list of the repositories that client machines in HQ could use, and then apply the policy to all of the clients that you want to use that repository or repository order.  And so on for the rest.

               

               

              Regards,

               

              Mark

              • 4. Re: Help WIth  Repositories

                that was an example of my network. Its much larger than that.

                 

                I have 13 different plants with 5 repoistories.

                • 5. Re: Help WIth  Repositories
                  jstanley

                  You can use the default "ping time" where the agents will attempt to connect to the repository that responds with the lowest ping time if you like that works fine in most cases. The above instructions are mostly if you want to ensure that under no circumstances a client goes to the wrong repository. If you rely on ping time and the local repository is either down or not up to date the clients may end up going to the wrong repository causing congestion on the wan.

                  • 6. Re: Help WIth  Repositories
                    Sk1dMARK

                    Regardless.  With your updated figures, you will need 5 policies for what you want to accomplish.

                     

                    Here's what I have done in my environment.

                     

                    I have hundreds of sites, over 3 thousand IP subnets, and 8 Distributed Repositories (2 on the east coast, 2 in central, 2 on west coast, and 2 that serve large offices).  Using the subnets in ePO, I have divided up the number of client machines in half per region.  The policies below are what I have applied to clients in each of the geographic areas (half use Policy 1 and the other half use Policy 2, but still only one policy per distributed repository is needed).

                     

                    If things are right with the ePO infrastructure; half of the machines will update from their regional DR_1 and the other half from their regional DR_2 in each of the geographic areas.  If something is wrong, they will run down the list, which I listed in order based on physical distance, until they find one that works.

                     

                    EAST Policy 1

                     

                    East_DR_1
                    East_DR_2
                    Central_DR1
                    Central_DR2
                    West_DR_1
                    West_DR_2
                    Large_DR_1
                    Large_DR_2

                     

                     

                    EAST Policy 2

                     

                    East_DR_2
                    East_DR_1
                    Central_DR_2
                    Central_DR_1
                    West_DR_2
                    West_DR_1
                    Large_DR_2
                    Large_DR_1

                     

                     

                    Central Policy 1

                     

                    Central_DR_1
                    Central_DR_2
                    East_DR_1
                    East_DR_2
                    West_DR_1
                    West_DR_2
                    Large_DR_1
                    Large_DR_2

                     

                     

                    Central Policy 2

                     

                    Central_DR_2
                    Central_DR_1
                    East_DR_2
                    East_DR_1
                    West_DR_2
                    West_DR_1
                    Large_DR_2
                    Large_DR_1

                     

                     

                    West Policy 1

                     

                    West_DR_1
                    West_DR_2
                    Central_DR_1
                    Central_DR_2
                    East_DR_1
                    East_DR_2
                    Large_DR_1
                    Large_DR_2

                     

                     

                    West Policy 2

                     

                    West_DR_2
                    West_DR_1
                    Central_DR_2
                    Central_DR_1
                    East_DR_2
                    East_DR_1
                    Large_DR_2
                    Large_DR_1

                     

                     

                    Large Policy 1

                     

                    Large_DR_1
                    Large_DR_2
                    West_DR_1
                    West_DR_2
                    Central_DR_1
                    Central_DR_2
                    East_DR_1
                    East_DR_2

                     


                    Large Policy 2

                     

                    Large_DR_2
                    Large_DR_1
                    West_DR_2
                    West_DR_1
                    Central_DR_2
                    Central_DR_1
                    East_DR_2
                    East_DR_1

                     

                    Hope this helps.

                     

                     

                    Regards,

                     

                    Mark

                     

                     

                    on 12/15/09 3:40:56 PM EST
                    • 7. Re: Help WIth  Repositories
                      mrpg

                      I'm in the same boat- dealing with multiple segmented wans in almost every state-  I''ve setup the default agent policy to use ping time, but i also see the option for by network hops were you can specify a maximum number of hops.   I may try this with a max of 3.

                       

                      To the question though,  I am using ping time and I would give it a success rate of 7 out of 10- mint the 3 times it misses the closest options- its usually not a very drastic reach.

                      • 8. Re: Help WIth  Repositories
                        jstanley

                        Perhaps some clarification on how ping time works would assist.

                         

                        So when a client is set to use ping time and it wants to determine what repository it will update from it does not actually ping all of the repositories (unless you have less than 5 sites) rather it finds the 5 repositories with the closest subnet value to the client and pings those. Then it attempts to update from whichever of those 5 repositories returns the lowest ping time.

                         

                        Also we did not discuss the other options which is to use Subnet distance to determine the repository. In this scenario a client machine simply calculates which repository has a subnet closest to its own and uses that repository. This is only helpful if your subnets are setup based on geographic region.

                        • 9. Re: Help WIth  Repositories

                          I eneded up making the 5 repositories and making the 5 policies and then deploying the policies at those locations. Since I have a virtual star network all the traffic would come to HQ before it would go to another repository.

                           

                          All the locations that have a repository received policies and all the ones that did not have one would just come back to HQ to get the update (or the Internet). But heck, even if they go to the Internet they have to come back to HQ first.

                           

                          I didn't design the network, i just make sure it works.