How to configure clients as Local Update Hosts (LUH) to reduce network bandwidth usage

Article ID: 158644

Products

Symantec Products

Issue/Introduction

When using the cloud version of Symantec Endpoint Protection Small Business Edition (SEP SBE) in environments where bandwidth is limited, it may be preferable to limit the number of machines that connect to the internet for updates. In that case we recommend enabling Local Update Hosts (LUH). Clients defined as LUHs download virus definitions and software updates from the internet and redistribute them locally to the rest of the machines on their network.

Note: Local Update Hosts use port 3128, so that port must be accessible.

Resolution

Assigning Clients as Local Update Hosts

Once the network topology has been considered and specific clients have been designated to serve as Local Update Hosts, they need to be defined in the cloud management console and have the Local Update Host service installed. To do so:

  1. Log in to the cloud management console.
  2. Navigate to the "Computers" tab.
  3. Find the client which should be designated as an LUH and click on the client name.
  4. This will open the "Computer Profile" entry for the client. Click the "Enable as Local Update Host" link.
  5. This will bring up a popup window asking to confirm that the client should be enabled as an LUH. Click "Continue."
  6. It will take a few minutes for the client to download the LUH components and apply settings. By refreshing the "Computer Profile" page a few minutes after applying the settings, it should be possible to verify the client's LUH status and confirm that it is online.

Local Update Host Policy Considerations

The default System Policy in the cloud management console will direct clients to communicate with any available LUH in the environment. It is possible for the network to be configured in such a way that using this setting will result in clients trying to connect to LUHs in different physical locations or on different network segments, increasing their bandwidth usage and defeating the purpose of implementing LUHs.

There are three different options available for LUH configuration in the System Policy:

  • Connect to any available local update host(s) - clients will indiscriminately try to connect to any local update host they can reach on the network.
  • Do not connect to any available local update host(s) - clients will all connect directly to the internet for updates.
  • Specify the local update host(s) for this group - clients will connect to specific local update hosts depending on the group they are in.

In situations where there are client machines in multiple locations which should be limited to using specific LUHs, we recommend creating a group for each location and creating a System Policy for each group to define which particular LUHs should be used. 

For instructions on creating groups and moving clients into them see TECH212340.

To create individual System Policies that determine which LUHs are used by clients in a particular group, and to assign those policies, use the following process:

  1. Log in to the cloud management console
  2. Navigate to the "Policies" tab
  3. Click on "Default System Policy"
  4. To edit the policy, click the "Save a Copy" link.
  5. Name the policy something unique so that it can be identified later and add a description (optional).
  6. Under the Local Update Service section, check "Specify the local update host(s) for this group."
  7. Highlight the local update host which should be assigned to the group (multiple can be selected simultaneously by holding control and clicking).
  8. Click add. The Local Update Host should now appear in the "Assigned local update host(s)" column on the right.
  9. Under "Groups," check the box for the group to which the policy should apply.
  10. Click "Save & Apply"

Repeat this process for each group in the environment.

Network Topology Considerations

Make sure to consider network topology before implementing LUH configurations. We recommend configuring at least one LUH at every physical location to ensure that clients aren't crossing network segments attempting to contact LUHs at different locations.
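
The topology advice above and the port 3128 note can be checked against a written assignment plan before the policies are created. The following is an added example, not Symantec code: the group names, host names, addresses and subnets are constructed, and it assumes the LUH service listens on TCP, since the article gives only the port number.

```python
import ipaddress
import socket

LUH_PORT = 3128  # port the article says Local Update Hosts use

# Constructed sample plan: one client group per physical location.
# Group names, host names, addresses and subnets are made up for illustration.
SAMPLE_PLAN = {
    "HQ": {"subnets": ["10.1.0.0/16"], "luhs": {"hq-luh01": "10.1.4.20"}},
    "Branch-A": {"subnets": ["10.2.0.0/24"], "luhs": {"hq-luh01": "10.1.4.20"}},
    "Branch-B": {"subnets": ["10.3.0.0/24"], "luhs": {}},
}


def check_plan(plan):
    """Return a list of problems: groups with no LUH at their location, and
    groups whose assigned LUH sits outside the group's own subnets."""
    problems = []
    for group, cfg in sorted(plan.items()):
        nets = [ipaddress.ip_network(s) for s in cfg["subnets"]]
        if not cfg["luhs"]:
            problems.append(f"{group}: no LUH assigned at this location")
            continue
        for name, addr in sorted(cfg["luhs"].items()):
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in nets):
                problems.append(
                    f"{group}: LUH {name} ({addr}) is outside the group's subnets"
                )
    return problems


def luh_port_reachable(host, port=LUH_PORT, timeout=3.0):
    """True if a TCP connection to the LUH port succeeds from this machine.
    TCP is an assumption; the article states only the port number."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for line in check_plan(SAMPLE_PLAN):
        print("PLAN:", line)
    for cfg in SAMPLE_PLAN.values():
        for name, addr in cfg["luhs"].items():
            ok = luh_port_reachable(addr, timeout=1.0)
            print(f"PORT: {name} {addr}:{LUH_PORT}", "reachable" if ok else "NOT reachable")
```

Run the reachability check from a client machine in each group, so the result reflects the path those clients would actually use.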