CB Protection: How many agents should be installed or upgraded at a time, in a VDI environment?
book
Article ID: 290756
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
When installing CB Protection agents as new installs, or upgrading agents, in a VDI environment, what is the recommended number of installs or upgrades to conduct at a given time?
Environment
CB Protection Server: All Supported Versions
CB Protection Agent: All Supported Versions
Resolution
When installing CB Protection agents as new installs, or conducting upgrades in a VDI environment, it is always recommended to start with a few installs/upgrades, then proceed from there. The issue with a VDI environment, is that all resources are shared amongst the endpoints that reside in this environment. Doing a large number of installs or upgrades can cause resource contention during the install period or upgrade, and can further cause resource contention afterwards with items such as agent cache backups being on a similar schedule, etc. A hard number really depends on how large the environment is, hardware resources dedicated to the environment, etc. It is best to start small, then increase in number slowly to avoid resource contention.
Important
Before you re-enable system-wide agent upgrades, be sure you disable upgrades for policies you don’t want upgraded immediately.
Simultaneous upgrade of a large number of agents may impact system performance. Contact Carbon Black Support for best practices for bulk agent upgrades.
When a Cb Protection Server is upgraded from one major version to another (such as v6.0.2 to v7.2.1), ongoing enhancements to “interesting” file identification make it necessary to rescan the fixed drives on all agent-managed computers. These upgrades also require a new inventory of files in any trusted directories to determine whether there are previously ignored files that are now considered interesting. This process involves the same activity as agent initialization, and can cause considerable input/output activity, which can require between minutes and many hours, depending upon the number of agents and the number of files. For both upgrades managed by the Cb Protection Server and those using third-party distribution methods, Carbon Black recommends a gradual upgrade of agents to avoid an unacceptable impact on network and server performance.