6 Replies Latest reply on Nov 7, 2013 12:19 PM by joeleisenlipz

    Bandwidth issue with epo 5.0

    blason

      Hi Folks,

       

      I have epo 5.0 for around 250 users with one epo server only. I am facing BW issue and BW is getting choked up as soon as epo server comes online.

      While investigating I foudn that I should see to it; that software should not be deployed/installed at every policy enforcement interval. May I know where should I look for the options in 5.0?

       

      And any other solution/hints you guys can provide?

        • 1. Re: Bandwidth issue with epo 5.0
          Peter M

          Moved to ePO for better support.

          • 2. Re: Bandwidth issue with epo 5.0
            joeleisenlipz

            First, I would go into the server's settings and disable Global Updating, at least until you get everything else sorted out (if not permanently).

             

            Next, I would take a look at the client tasks that are currently configured. Most organizations use a couple standard/default scan and update tasks on a daily basis, and then deal with oddballs from there.

             

            You may also want to consider suspending any installation tasks until you get a handle on everything else.

             

            --Joel

            • 3. Re: Bandwidth issue with epo 5.0
              blason

              Well let me have a look at it.

               

              Meanwhile, would it be possible to have few WAN users to talk to other Public IP of same server and rest talk to other? I mean I have two ISP links and can NAT epo server behind those 2 links. So wondering if is it possible to route few client via other link and remaining via primary?

               

              ISP1----------1.1.1.1 ----------------------192.168.1.33

                                                        [FIREWALL]

              ISP2----------2.2.2.2-----------------------192.168.1.33

               

               

               

               

              Out of 250, 100 talk to 1.1.1.1 and reamining 150; talk to 2.2.2.2

              • 4. Re: Bandwidth issue with epo 5.0
                joeleisenlipz

                I suppose you could rig that kind of a fake load-balancing setup by adding Agent Handler groups for each IP. Then create two different assignment rules--one listing A first and B second for half the population, and a second rule that lists B first and A second for the other half.

                 

                Personally, I'm not impressed with the Agent's native ability to randomize.

                 

                --Joel

                • 5. Re: Bandwidth issue with epo 5.0
                  blason

                  Well, in my firewall logs or analyzer it shows almost 5 GB/day is being used by port I set ASCI. The policy enforcement interval is 60 mins and ASCI is 6 hrs, even after that I did not notifce any difference in BW utilization and wondering how do I troubleshoot the issue.

                  • 6. Re: Bandwidth issue with epo 5.0
                    joeleisenlipz

                    5 * 1024 (Mega) * 1024 (Kilo) / 4 (ASCI per day) / 250 (systems) = 5,242.88 per system per ASCI

                     

                    If that is in (b)its, then I would say that is higher than I expected, but within the realm of reason.

                     

                    If that is in (B)ytes, then I would definately say that is high, but I have no idea how many events your systems normally generate. Do you use a whole pile of McAfee titles, or is it just the Agent & VirusScan (as an example).

                     

                    The simple answer might be to bump up your ASCI for a few days and see what kind of difference that makes. That will reduce the bandwidth used by normal system props data, but your clients would still be generating the same number of threat events--so the bandwidth from event data would remain unchanged. But, to be honest, I prefer much smaller ASCI and policy enforcement values--so I am used to seeing claims of 'excessive' bandwidth.

                     

                    I believe there is also an option in Agent policy to send only the delta in system properties, rather than the whole set of data.

                     

                    --Joel