Jump to content

ERA - adding 6 new sites and mirrors


qwerty
 Share

Recommended Posts

Good day All!

I am working for an SMB and in our office we are using ERA 6.5. The help I want is information (or confirmation) from the community about how best to implement my aim of being able to oversee AV on the 5 sites I discuss below (it will reach 10 sites in 12 months time), while each site's endpoints all update themselves using one mirror onboard.

In the office we have around 80 clients, connected to ERA which is installed on one server hosted in the cloud. This is all working fine, I am just stating what is in place and implemented properly before I move on.

However we have 5 other sites located in a very remote geographical location which aren't configured in a very smart way at all - you'd be shocked to hear how they are set up, and I am aim to fix this pronto. Each site is a separate workgroup not connected to our domain, and uses a satellite link with 512kbps download link / 256kbps upload link. So internet bandwidth is a scare commodity. The 5 remote sites have 11 PCs per site, plus one Windows Server 2012 or Ubuntu Linux server. Each ESET Endpoint (either ver 5.x or 6.x) obtains it's update from the internet, from whatever the default ESET server is. We have no oversight at all about the status of each of these endpoints, it is down to the local user to report or we must remotely VPN to check each one manually. You know as much as me that this is a recipe for disaster.

I have looked and the solution to the bandwidth problem is to set up a mirror server onboard, I have seen that this can be done very easily using the shared folder method and that this does not strictly require ERA. I understand that the HTTP/Apache proxy is a better implementation of mirroring. I could implement the Apache method using the all in one installer, I'll need to read up as it is simply just something I have not read enough about right now.

I then would like to add all of these ESET Endpoints to the ERA console. This will solve the oversight problem. I aim to do this using the manual method, setting up a group for each site, since each of the sites are not on our domain and use a local Workgroup.I hope to be able to do this by re-configuring the existing clients, rather than have to re-install each endpoint if it is already running v6.x. 

What do you think?

Many many thanks to you for reading.

 

Edited by qwerty
Link to comment
Share on other sites

  • ESET Moderators

Hello,

personally I would leave the Endpoints to update from the default ESET servers as the update is usually few tens or few hundreds of KiBs. Hosting a mirror for 10  or even 20 endpoints would actually increase the bandwidth usage. It is a bit complex, but it works that way. proxy is much better solution, but is probably not worth to use it for few clients.

When it comes to manageability I would connect all the Endpoints to ERA for sure, as managing it without any oversight is not possible. You just need to install the agents on the Endpoints and configure them to connect to your central ERA server.

Regards, P.R.

Link to comment
Share on other sites

Hi Peter,

Thanks for your help. Much appreciated indeed.

In regards to the local mirroring causing more bandwidth due to the complexity, can you point me to any information about this. Or perhaps you would care to explain?

The reason I ask is these sites have an unreliable internet connection, so the thought behind it is the less downloads occurring the better, even if local network traffic increases. I connected to one client yesterdat, it was around 2-4 months out of date but somehow it was a 155MB download which took 2 hours, and so during the 2 hours the internet performance at the site becomes degraded. Perhaps this particular one was downloading application component updates, or there was some error in the request and it wanted to download too much I am not quite sure. However it wouldn't be too good if multiple clients fell out of date, and upon detection wanted to consume similar levels of data.

Best Regards

Link to comment
Share on other sites

  • ESET Staff

I would recommend checking this (and linked) KB articles : http://help.eset.com/era_install/65/en-US/index.html?difference_connectivity.htm

Such big updates are only happening in case the product was not updated for a long time, and som major modules were updated.

Link to comment
Share on other sites

Hi Michal,

Thanks for the information, the table was very useful. The data suggests that a single client uses up around 23.9MB of data per month for updates, in an average month. Plus some other data for livegride / update.ver files.

What I am confused about is that it suggests if you set up an Apache/HTTP web proxy, the data usage would be much higher in my scenario. I don't understand why this would happen, I thought it would mean all of the packages are downloaded only once instead of multiple times, perhaps with some extra additional files.

The implication is 10 PCs direct to internet, internet data usage is 239MB. 10 PCs using Apache/HTTP proxy, the internet data usage is 900MB. So in my case it is suggested that I leave PCs going direct to the internet (as I have less than 37 computers), however I don't understand why the data usage is what it is.

Link to comment
Share on other sites

  • ESET Moderators

Hello Qwerty,

the most efficient for such small sites is solution with Apache (or any other) http caching proxy in terms of bandwidth usage.

On the other hand I think that deployment and maintenance of so many proxies for few saved MiBs per month is not worth,..

Not sure how you calculated the 900 MiBs, but it should be much less for sure.  

Regards, P.R.

Link to comment
Share on other sites

Hi Peter / Michal. Thanks for your help!! All understood now, my mistake regarding the 900MB. It should be more like 30MB after further reading!

Edited by qwerty
spelling
Link to comment
Share on other sites

  • ESET Moderators

Hello Qwerty,

something like that in an ideal scenario for the module updates/

But probably not all users are switching on and off PCs at the same time so they may download different nano updates, which might increase it a bit, but anyway the bandwidth per month is negligible, when compared to standard user behavior like e-mails and web browsing.

Regards, P.R.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...