LiveUpdate Administrator best practices

book

Article ID: 177623

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Best practices for designing, implementing and maintaining a LiveUpdate Administrator (LUA) infrastructure.

Resolution

Before you start

LUA is not recommended for the following scenarios:

  • Updating any amount of clients through LUA instead of through a management server like Symantec Endpoint Protection Manager (SEPM).
  • Updating environments with less than 1700 unmanaged clients sharing the same Internet connection.
  • Updating clients across WAN links.

Symantec products download updates from the Internet using a LiveUpdate client by default. Configuring and administering an LUA infrastructure adds several layers of complexity to the process of updating Symantec products.

Use the following guidelines to ensure the extra complexity and bandwidth usage generated by LUA provide a net benefit. See when to use LiveUpdate Administrator for more information on recommended use cases for LUA.

Get started

Use the latest available release

New versions of LUA contain fixes for customer reported issues, as well as vulnerability mitigations, stability and usability enhancements, and new features. Whenever possible, use the latest version of LUA for any new LUA deployments, and upgrade existing LUA servers to the latest version as soon as possible.

See Download LiveUpdate Administrator for the latest version of LUA.

Compatibility

To prevent resource contention or performance problems:

  • Do not install LUA on the same computer as Symantec Endpoint Protection Manager (SEPM).
  • Do not install LUA on the same computer as another Tomcat based Web server.
  • Do not install LUA on a database server.
  • Do not install LUA on a Symantec Endpoint Protection (SEP) client configured to be a Group Update Provider (GUP).

Note: Installing LUA on the same computer as SEPM is not supported.

Install on Virtual Machines

LUA uses a significant amount of I/O and network bandwidth. Virtual Desktop Infrastructure (VDI) environments tend to use large amounts of relatively fast storage shared among many virtual machine (VM) computers. Even though the very fast shared storage is much faster than a single desktop hard drive, the I/O bandwidth available to individual virtual machines running on shared storage is often much smaller than the I/O bandwidth available on a physical machine with relatively slow storage.

To avoid I/O and network resource issues, Symantec recommends the following if LUA must be installed on a VM:

  • Ensure adequate disk I/O bandwidth is available to the VM running LUA.
  • Use a statically configured virtual drive, or dedicated physical drive to store LUA content (a dynamically allocated drive requires more I/O than a statically assigned drive).
  • The VM hosting LUA requires a dedicated Network Interface Card (NIC) for optimum performance.

Disk space

LUA requires a very large amount of free disk space to function properly. Ensure there is enough available storage to house all content downloaded/distributed by LUA without running out of free space. Use the following guidelines when configuring an LUA server's disk(s):

  • Install LUA to a secondary disk for best results.
  • Ensure there is 200 GB or more free disk space for each product version LUA is configured to update.

Daisy chaining LUA servers

Do not daisy chain LUA servers. For more information, see Configure LiveUpdate Administrator to download updates from another Liveupdate Administrator

Installation and configuration

Configure LUA tasks

LUA has a limited amount of memory and threads to handle scheduled tasks like downloading and distributing content, purging downloads and distributions, and database maintenance. These resources are also shared by built-in testing and production distribution centers. Use the following guidelines to ensure smooth operation of LUA's tasks:

  • Limit download and distribution schedule sizes. For example, when downloading content for multiple Symantec Endpoint Protection versions, configure separate download and distribution schedules for each version.
  • Limit the amount of scheduled tasks running at any time. For best performance, do not schedule more than one task to run concurrently. Never run more than 5 concurrent scheduled tasks of any type.
  • Do not run purge tasks at the same time as database maintenance, distribution or download tasks.
  • Do not run database maintenance tasks at the same time as any other task.

Purge settings

  • Configure Purge Updates in Manage Updates Folder to run daily, and to purge contents older than 1 revisions back.
  • Configure Purge updates in Distribution Centers to run daily at least an hour after the Manage Updates folder purge.

Maintenance and tuning

Database maintenance

Schedule database maintenance to run weekly. Do not schedule any other tasks to run at the same time as the weekly database maintenance schedule.

Network bandwidth

Monitor the bandwidth usage of LUA over time to ensure network stability. Bandwidth utilization statistics can be compared to estimated bandwidth usage based on the information in this section.

File system maintenance

  1. Ensure LUA is configured to periodically purge aged content from the local cached definitions as well as its distribution centers. By default these purge schedules run weekly and monthly respectively. Increasing the frequency these purge schedules are run will improve overall disk usage on the LUA server and any external distribution centers.
  2. Run a scheduled defragmentation of the hard disks where LUA stores cached and distributed content to improve the overall performance of the LUA server's disks.
  3. Ensure adequate system resources are available to prevent excessive paging of memory to disk.