This content has been marked as final. Show 8 replies
It is really all dependant on your network architecture. The delivery method I use the most is Push and some type of multicast. This, for me, is bandwidth friendly and allows me to distribute software to large groups of machines. We also have over 600 preffered servers in our environment so that gives us a lot of flexibility with how we deploy. In our delivery methods we usually have the bandwidth usage turned down to 35% WAN and 75% Local but this varies depending on the type of deployment.
Can you provide more information on how your network is setup? How many preferred servers do you have, if any?
I don't like using multicast because if something goes wrong, you just hosed everybody on a network segment simultaneously. This could knock out a whole department (yes, I'm speaking from experience here).
We have over 400 remote sites, some quite small with limited bandwidth. We don't use Preferred Servers because the sites that could benefit from them the most are the small sales offices where the cost could not be justified. These office are always merging, moving, closing, and there is no one there to even reboot the server if it hangs.
So this is what we do...
We modified the default cache time to be 30 days on all devices. When we roll out patches or software, we push to desktops off-hours (usually at night), segment by segment. After we have two or three desktops done on a segment, we then target the rest of the machines on that segment, either with a policy job, or another push. Again, I prefer a policy job, because it randomizes the installs for you, mitigating the risks, and if there are no desktops on a segment, at least all the laptops won't try to download across the WAN at the same time. Most devices have no problem finding the files on another machine on the local network using this method.
If you really want to eliminate WAN traffic during the day, the second job can be set to peer download only.
Multicast has always worked for me and I've been using it since 8.7. Like I said, it all depends on your existing architecture. In our case, we have over 600 Preferred Servers and have been able to reduce our WAN traffic this way.
Peter, a Preferred Server doesn't have to be this expensive device. In fact, we are using $200 NAS devices and they work just fine.
Multicast does work well, no doubt, but there is a risk associated with it.
We once used multicast to push out a piece of software that had a conflict with a specific version of CD driver on HP desktops. The conflict would immediately cause the CPU utilization to peg at 100%, rendering the machine useless. We did our due diligence testing the package, running several pilots, but the issue was not found because it only effected that particular version of that device driver and no others. A couple years before, our entire collections department had all received new desktops with (you guessed it) the problem version of the CD driver. In the blink of an eye, the whole department ground to a halt. We had to scramble our entire IT department to boot the machines into safe mode and update the CD driver software. I guess I'm just gun-shy now of multicast. Since workstations are set to check for policy at random times, we would have had time to notice there was a problem before it effected every machine in the department had we used policy.
As far as the cost for the Preferred Server, there is the hard cost of the hardware and the soft cost of installing, periodically replacing, and managing hundreds of devices over time. We run a very lean operation, 2 LD admins for 20,000 workstations and 1,200 servers. Also, the Preferred Servers do not store patches, only software packages. I supposed you could put your patch directory on a DFS share or something like that, but that too would entail some manpower to set up and maintain.
I would be interested to hear other people's opinions on Preferred Servers, since the topic does come up frequently. I would be particularly interested if someone had some hard numbers on usage and bandwith saved vrs. cost.
Peter, I understand where you are coming from. Past good/bad experiences tend to steer us in different directions. As for the preferred servers, patches can most definitely be deployed from them. I have done this in 8.8 and 9.0. I don't have any metrics on bandwidth saved or things like that but we can easily identify when a branch is not utilizing a Preferred Server. As for cost, in our case, the NAS we use runs anywhere from $200 to $230 and we all that needs to be done is plugged in at the site. We pre-populate them with our data and use robocopy to keep them in sync once deployed. There is some cost associated with upkeep like anything else. Just something to think about if you ever want to venture down this path.
I see my knowlege on Preferred Servers and patches is a bit dated. Last time I checked, PM would not use a Preferred Server. I see now that it will. I think this is worth revisiting.
You said you used robocopy to replicate, didn't LANDesk come out with some file replication utility?