Assuming best practices are followed, a Group Update Provider (GUP) is officially supported providing content updates for up to 10,000 connected SEP Clients. That said, if a GUP is running on a machine that also performs other functions, such as a Domain Controller, Web Server or File Share, shared resource utilisation impact should be considered.
Best practice recommendations:
- Ensure the GUP’s local SEP Client is running the latest available Maintenance Release (MR), so all available optimisations and fixes are leveraged.
- When running 5000 or more connected clients to a GUP it is recommended that a dedicated system is used so that resource utilization is not saturated when the IPS/Firewall is enabled.
- Configure connected SEP Clients with at least two locations so they retrieve content updates via public Liveupdate when not connected to the corporate network. This will ensure there is a higher likelihood of their content remaining relatively recent when they do connect to the corporate network (so filesize of content that gets transferred from the GUP is minimised).
- Configure the SEPM to retain at least 42 content revisions (this will ensure the GUP can provide an incremental content update for connecting SEP Clients, even if they are out of date on content by up to 2 weeks), preferably more. This will help minimise impact on local network bandwidth. Note though, it will also mean additional disk space will be utilised on the SEPM and Database machines.
- When SEP Clients are first installed, by default, they will initially attempt to download a full content update. Keep this in mind when enabling a GUP. If a large number of SEP Clients (5000+) are being installed within the same short time window and are configured to connect to the same local GUP, this local GUP may experience unusually high and sustained resource utilisation until the connected SEP Clients are updated to a relatively recent content update version.