Best practices for designing, implementing and maintaining a LiveUpdate Administrator (LUA) infrastructure.
Before you start
LUA is not recommended for the following scenarios:
Updating any amount of clients through LUA instead of through a management server like Symantec Endpoint Protection Manager (SEPM)
Updating environments with less than 1700 unmanaged clients sharing the same Internet connection
Updating clients across WAN links
Symantec products download updates from the Internet using a LiveUpdate client by default. Configuring and administering an LUA infrastructure adds several layers of complexity to the process of updating Symantec products.
Use the following guidelines to ensure the extra complexity and bandwidth usage generated by LUA provide a net benefit. See When to use LiveUpdate Administrator for more information on recommended use cases for LUA.
Use the latest available release
New versions of LUA contain fixes for customer reported issues, as well as vulnerability mitigations, stability and usability enhancements, and new features. Whenever possible, use the latest version of LUA for any new LUA deployments, and upgrade existing LUA servers to the latest version as soon as possible.
To prevent resource contention or performance problems, ensure the following:
Do not install LUA on the same computer as Symantec Endpoint Protection Manager (SEPM)
Do not install LUA on the same computer as another Tomcat based Web server
Do not install LUA on a database server
Do not install LUA on a Symantec Endpoint Protection (SEP) client configured to be a Group Update Provider (GUP)
Note: Installing LUA on the same computer as SEPM is not supported.
Install on Virtual Machines
LUA uses a significant amount of I/O and network bandwidth. Virtual Desktop Infrastructure (VDI) environments tend to use large amounts of relatively fast storage shared among many virtual machine (VM) computers. Even though the very fast shared storage is much faster than a single desktop hard drive, the I/O bandwidth available to individual virtual machines running on shared storage is often much smaller than the I/O bandwidth available on a physical machine with relatively slow storage.
To avoid I/O and network resource issues, Symantec recommends the following if LUA must be installed on a VM:
Ensure adequate disk I/O bandwidth is available to the VM running LUA
Use a statically configured virtual drive, or dedicated physical drive to store LUA content (a dynamically allocated drive requires more I/O than a statically assigned drive)
The VM hosting LUA requires a dedicated Network Interface Card (NIC) for optimum performance
LUA requires a very large amount of free disk space to function properly. Ensure there is enough available storage to house all content downloaded/distributed by LUA without running out of free space. Use the following guidelines when configuring an LUA server's disk(s):
Install LUA to a secondary disk for best results.
Ensure there is 200 GB or more free disk space for each product version LUA is configured to update.
LUA has a limited amount of memory and threads to handle scheduled tasks like downloading and distributing content, purging downloads and distributions, and database maintenance. These resources are also shared by built-in testing and production distribution centers. Use the following guidelines to ensure smooth operation of LUA's tasks:
Limit download and distribution schedule sizes. For example, when downloading content for multiple Symantec Endpoint Protection versions, configure separate download and distribution schedules for each version
LImit the amount of scheduled tasks running at any time. For best performance, do not schedule more than one task to run concurrently. Never run more than 5 concurrent scheduled tasks of any type
Do not run purge tasks at the same time as database maintenance, distribution or download tasks
Do not run database maintenance tasks at the same time as any other task
Configure Purge Updates in Manage Updates Folder to run daily, and to purge contents older than 1 revisions back
Configure Purge updates in Distribution Centers to run daily at least an hour after the Manage Updates folder purge
Maintenance and tuning
Schedule database maintenance to run weekly. Do not schedule any other tasks to run at the same time as the weekly database maintenance schedule.
Monitor the bandwidth usage of LUA over time to ensure network stability. Bandwidth utilization statistics can be compared to estimated bandwidth usage based on the information in this section.
File system maintenance
Ensure LUA is configured to periodically purge aged content from the local cached definitions as well as its distribution centers. By default these purge schedules run weekly and monthly respectively. Increasing the frequency these purge schedules are run will improve overall disk usage on the LUA server and any external distribution centers.
Run a scheduled defragmentation of the hard disks where LUA stores cached and distributed content to improve the overall performance of the LUA server's disks.
Ensure adequate system resources are available to prevent excessive paging of memory to disk.
Imported Document ID: TECH93409
Subscribing will provide email updates when this Article is updated. Login is required.