cpetry 4 Posted April 25, 2016 Share Posted April 25, 2016 So I've been working with Sam Saengmanivone and he configured a mirror client on my ERA 6.X installation. Basically, you setup an AGENT / Endpoint to act as a mirror and you point your configuration to the system that's running that AGENT / Endpoint. So it's not ERA itself that's doing it, but it's easy to do. You can browse to the mirror directory on the system and see all of the update files cached up. I'm using the AGENT / Endpoint that's running on my ERA server (I use a Windows installation, not the Linux Appliance). You can configure any server on the network to act as the mirror though. I'm wrapping up a few things with my ERA 6.X deployment and so far I'm happy with it. The newest build is much better than when 6.X first came out. The first release was a disaster. Thanks! Link to comment Share on other sites More sharing options...
ESET Staff Gonzalo Alvarez 66 Posted April 25, 2016 ESET Staff Share Posted April 25, 2016 Hi @cpetry, You are asking or telling? There are several ways to update ESET but depends on how many PC you have and the enterprise network you face. Link to comment Share on other sites More sharing options...
cpetry 4 Posted April 25, 2016 Author Share Posted April 25, 2016 I can tell you a lot of people have asked on this forum and those questions went unanswered for those people. I know I didn't know I could do this until I complained to ESET engineering that they removed the mirror function from ERA 6.X. So I'm telling. lol Link to comment Share on other sites More sharing options...
ESET Moderators foneil 342 Posted April 25, 2016 ESET Moderators Share Posted April 25, 2016 yes, this is possible, though with the version 6 products, not the recommended solution for server load issues (potential, depending on how many clients are checking in). I believe that the following ESET Knowledgebase article would help anyone else looking to do what @cpetry did: How do I configure an ESET an endpoint product to function as a Mirror server? (6.x) Link to comment Share on other sites More sharing options...
cpetry 4 Posted April 25, 2016 Author Share Posted April 25, 2016 Yeah, it may not work for most people if that's the case. I have multiple blades with 18 x 4 Xeon processors (72 cores per full-height blade) and the storage system is a ~40 TB all-flash array connected to the blade center with 6 x 8 GB FC links. The blade center has two 10 GB redundant network connections to our core. So I think we will be okay.... Link to comment Share on other sites More sharing options...
ESET Moderators foneil 342 Posted April 25, 2016 ESET Moderators Share Posted April 25, 2016 You had me at "it may not work for most people..." haha, but yes, my QA did indicate that this is a viable solution for users that have sufficient (or in your case, abundant) system resources. Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted April 26, 2016 ESET Staff Share Posted April 26, 2016 Hello, Problem with the solution you have mentioned, and Sam has recommended to you is that: If you choose the mirror from a specific Endpoint version, it gets updates only from update server appointed for that version. If you update V5 / 4 products, it might happen, you won´t get the updates. Also, it depends, if you have installed EEA / EES on the server (I assume EEA), so it might not download all of the files needed to update EES. Mirror from a specific Endpoint version is not able to get updates for ERA components, which we are going to release as of now (it will bring some new functionality, like import of lists into the policy editor, and support for new settings in Endpoints for Windows / Max + support for Domino / SharePoint. You won´t get it, if your agents are updating from Mirror. Also, if your company is using some proxy server as of now, you could not install the Apache HTTP proxy, but instead of that, configure ERA server / agents / endpoints, to communicate via your proxy server, and cache updates there. This way is far more effective from the perspective of data traffic, and once setup properly, it provides better user experience than the legacy mirror. We are working on documentation change, that will explain benefits of using Apache HTTP Proxy, over the standard mirror, respectively guide customers to use the proper scenario of their environment. Link to comment Share on other sites More sharing options...
ESET Staff Gonzalo Alvarez 66 Posted April 26, 2016 ESET Staff Share Posted April 26, 2016 @foneil, the case of @cpetry has more than 1000 clients and as you say is not recommended to use the Mirror function of the Endpoints. which quantity (in your opinion) is minimum safety number to use the mirror function of the Endpoints? Link to comment Share on other sites More sharing options...
cpetry 4 Posted April 26, 2016 Author Share Posted April 26, 2016 I was told the updates are universal by Sam and that ESS would be able to update signatures for the AV as well as ESS. We are doing a full swing migration from 4.5/5.0 to 6.3.X. We only use File Security and now Endpoint Security. I'm not interested in using the other products right now. It's hard to configure anything by a "standard" with ESET when I have forum mods conflicting with ESET engineering. Honestly, I don't want automatic ERA or endpoint component updates. I've had very bad experiences in the past with trusting ESET's software to self-update components. I remember seeing a component update uninstall clients, not upgrade them. Of course according to ESET that never happened even though it clearly did as I remember reinstalling endpoint clients on the affected systems that day. Link to comment Share on other sites More sharing options...
ESET Staff Gonzalo Alvarez 66 Posted April 26, 2016 ESET Staff Share Posted April 26, 2016 @cpetry, If I remember correctly ERA can be set to not update components (not a good end on the security road, IMHO), and also you can delay the updates. My suggestion is to have 1 client with normal updates to see if there is any trouble with the components and all the rest of your network with delayed updates under your control. when is ok, you send the updates. Link to comment Share on other sites More sharing options...
cpetry 4 Posted April 26, 2016 Author Share Posted April 26, 2016 @cpetry, If I remember correctly ERA can be set to not update components (not a good end on the security road, IMHO), and also you can delay the updates. My suggestion is to have 1 client with normal updates to see if there is any trouble with the components and all the rest of your network with delayed updates under your control. when is ok, you send the updates. It's also not good the good end of security when updates fail and break the client leaving the client with nothing vs something. I'd rather handle everything by hand until I can see that ESET has polished their upgrade process. I can just as easily push a newer version to several systems to see what happens. I still occasionally have endpoints become corrupted and basically disappear from a system. I have a EFSE 4.5 installation right now that's actually malfunctioning on me. I have to uninstall/reinstall EFSE 4.5 on a few servers every now and then. I'm hoping it's better on 6.X. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted April 26, 2016 Administrators Share Posted April 26, 2016 I don't recall releasing a program component update (PCU) for business versions / Endpoint and I've been with ESET for years. As you say, automatic PCU is prone to breaking things and we published PCU via a KB article for administrators who could put the appropriate nup files to the mirror folder and update clients this way. Link to comment Share on other sites More sharing options...
cpetry 4 Posted April 26, 2016 Author Share Posted April 26, 2016 I don't recall releasing a program component update (PCU) for business versions / Endpoint and I've been with ESET for years. As you say, automatic PCU is prone to breaking things and we published PCU via a KB article for administrators who could put the appropriate nup files to the mirror folder and update clients this way. You're right, it was the PCU files I used that caused my clients to uninstall vs updating (placed in the mirror directory in 5.X). I update by pushing full installers now and that works most of the time. Link to comment Share on other sites More sharing options...
cpetry 4 Posted May 3, 2016 Author Share Posted May 3, 2016 This Apache HTTP proxy works. I just needed two ESET Sales Engineers to spend 2+ hours on a WebEx meeting to get it working. At least it's working now. I can't believe how difficult it was to get it working. The KB article was missing some information. They had to piece together steps from two articles. Link to comment Share on other sites More sharing options...
ESET Moderators foneil 342 Posted May 3, 2016 ESET Moderators Share Posted May 3, 2016 Sent PM to cpetry about the KB. Link to comment Share on other sites More sharing options...
Recommended Posts