CB Protection: How many agents should be installed or upgraded at a time, in a VDI environment?
search cancel

CB Protection: How many agents should be installed or upgraded at a time, in a VDI environment?

book

Article ID: 290756

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • When installing CB Protection agents as new installs, or upgrading agents, in a VDI environment, what is the recommended number of installs or upgrades to conduct at a given time?

Environment

  • CB Protection Server: All Supported Versions
  • CB Protection Agent: All Supported Versions

Resolution

  • When installing CB Protection agents as new installs, or conducting upgrades in a VDI environment, it is always recommended to start with a few installs/upgrades, then proceed from there. The issue with a VDI environment, is that all resources are shared amongst the endpoints that reside in this environment. Doing a large number of installs or upgrades can cause resource contention during the install period or upgrade, and can further cause resource contention afterwards with items such as agent cache backups being on a similar schedule, etc. A hard number really depends on how large the environment is, hardware resources dedicated to the environment, etc. It is best to start small, then increase in number slowly to avoid resource contention. 
Important
  •  Before you re-enable system-wide agent upgrades, be sure you disable upgrades for policies you don’t want upgraded immediately.
  •  Simultaneous upgrade of a large number of agents may impact system performance. Contact Carbon Black Support for best practices for bulk agent upgrades.
  •  When a Cb Protection Server is upgraded from one major version to another (such as v6.0.2 to v7.2.1), ongoing enhancements to “interesting” file identification make it necessary to rescan the fixed drives on all agent-managed computers. These upgrades also require a new inventory of files in any trusted directories to determine whether there are previously ignored files that are now considered interesting. This process involves the same activity as agent initialization, and can cause considerable input/output activity, which can require between minutes and many hours, depending upon the number of agents and the number of files. For both upgrades managed by the Cb Protection Server and those using third-party distribution methods, Carbon Black recommends a gradual upgrade of agents to avoid an unacceptable impact on network and server performance.