The stores link is 512kb/128kb (I think) Managed WAN (ADSL)
I think that is your problem right there. DAT updates will go through without issue as they are comparatively tiny.
The MA installer is ~35MB and VSE installer is around 40MB. Most business environments will be using 100/1000Mbps links between the endpoints and the ePO server, so the deployment will sail through in seconds.
Even maxing out your link, downloading ~75MB through 512Kb connection to just one site is going to take ~20 mins. Even if you managed to clear the decks and have NO other activity at all on the link, with that scale of deployment, you're looking at close to 40 hours to download across your estate.
I don't really think there's anything in ePO that can manage this issue for you, as it's purely networking-based. To me, your options are:
1) Get on the phone sharpish to your ISP and get the links upgraded (unless your head office is on top of a mountain in Siberia, there has to be some kind of fibre connection they can hook you up to, possibly with a cost saving too)
2) Scale back the deployment to a handful of endpoints at a time and be prepared for the long haul
3) Go back to basics; download the agents from the McAfee website, fire up the CD/DVD burner; get copies made for each site and post them out.
I agree with chrisakinika, network needs some upgrades.
I'm not sure if you've already tried to setup SADRs at your remote sites, that way the agents at each site would go locally to that SADR and pull the patch rather then ePO itself.
Also, with MA 5.0+, McAfee introduced peer-to-peer content updating from peer agents. I would look into that as well if you are moving up to MA 5.0+, could possibly help out.
you´ve had already some good sugesstions in here.
There are several point to consider:
1. Working with distributed repositories ( I think it´s what fitch meant by SADRs). You would have a workstation or server on the remotesite that host´s the whole repository in copy to your masterrepo. You could do the replication at night, so that there is no impact to the employees. The endpoints in that subnet can then be set to only pull there updates from this distributed repository.
2. You could do the same there with an agenthandler, so you could even minimize the traffic for all the other communication going on between server and client.
3. The also mentioned peer-to-peer feature with McAfee-Agent 5. If you enable it on all your clients, they pull stuff from eachother, so this will only cause remotesite-traffic. But one client needs initial update from the ePO-Server. So when people are getting to business and all turn on their computer at 8 o´clock, they will all contact your ePO as there is no client onsite with the actual data.
So i think best way to go is the distributed repo with an corresponding ruleset to the agents only pulling stuff from there.
Well I feel embarassed now!
I somehow got a 1:1 correlation between sites and computers on them in my head, which is why I didn't mention dist. repositories in my original answer.
SADRs and peer-to-peer functionality are a great solution in the office(s) with multiple endpoints, (e.g. say there's an office with 10 endpoints, 1 acting as an SADR to deploy to the rest of them saves you a few hours of deployment time) but it doesnt really give any benefit for the sites where there is only 1 PC - which I'm guessing there will be quite a few of, given the site:endpoint ratio.
Going back to the connection again; a lot of this depends how the site offices communicate:
If the site offices are connecting to the internet (and each other) by VPN back to the head office over the 512Kb links, the process is still bottlenecked and no features of ePO can change that.
However, that said - if the sites link to each other via VPN as well as to head office, the situation gets a lot more promising. Setup a dozen or so SARDs in your largest remote offices, assign ruleset so that 10-15 endpoints report in to each, and you could dramatically decrease the deployment time.
Ahhh i see, a little misundestanding on my side. You are right, there are many remotesites and only a few computers if not only one per site.
Forget what i wrote, chris is right then.
I would love nothing more than to upgrade our links to fibre but the problems are: We are located in Australia, Telstra our Telco (biggest in this country), money and we aren't a tech company. Getting an upgrade approved isn't likely an option.
My hands are tied on this and have to work with what we got.
Assuming from that, since you're in Australia, the offices arent exactly close to each other?
Pretty much. That isn't the problem, the problem is our Internet speeds are some of the worst in the world. Even two of our stores that is like 2km away from head office is on 512\128kb due to our Telco requirements for guaranteed speed on their managed service.
I've managed to deploy VSE 8.8p5 successfully, now looking at Agent 5.0. I have deployed it to 2 stores without issues.
In future might have to deploy VSE via copying the files to the remote PC's first then running a script to install it silently.