Hi there,
we're planning to implement SEPM and there is one question I can't get answered by the Forums and Tech Articles.
We have the following situation:
We do have approx. 70 branch offices, where 20 of them are worthy of an own GUP; in relation to the computers count in the office. All of these branch offices do have their own subnet (10.123.22.0, 10.123.44.0 and so forth).
My plan:
- branch offices with GUPs using GUPs
- if no GUP is online, fallback to SEPM
- branch offices without GUP using SEPM
- HQ uses SEPM
My idea was to define a single LU policy to rule them all:
- with a list of GUPs in the "Multiple Group Update Providers"
- and if they're not available they fall back to SEPM;
- the checkmark "Maximum time that clients try to download updates from a Group Update Provider before trying the default management server" should to the trick.
- For the subnets where no GUP is defined, these clients are connecting to the SEPM
According to Tech Article 139867 GUPs are only used, if they're in the same subnet. That sounds good. But at the end of the Article the following is stated.
Understanding GUP Bypass options
If you configured the option that lets clients bypass a Group Update Provider if they try and fail to connect to the Group Update Provider - the "Maximum time that clients try to download updates from a Group Update Provider before trying the default management server" option - then the following will occur:
If the client has a GUP in its local subnet that is temporarily unavailable and a Group Update Provider on a different subnet is configured and available, the client will contact that GUP in the different subnet almost immediately.
That is the exact oppsite from what I want.
So how do guys have solved this? Define a LU policy for each "GUP worthy" branch office with an own GUP and put the "not GUP worthy" computers into another group?
Would the "one policy to rule them all" approach still work if I set the timeout to fallback to SEPM very low, say 15 minutes? Because the GUP is either on or off.
Thanks for help,
S-L
Sources:
Tech 139867: https://support.symantec.com/en_US/article.TECH139...