You CAN CREATE paragraph preferred Servers Copy paths OS
We don't have space on the local servers to use them for Patch Management, so I was hoping to use peer-to-peer downloads by patching some systems in each of our offices and letting the others retrieve their patches from them. I don't know what you mean by "paragraph preferred Servers Copy paths OS".
I don't think the peer-to-peer can jump across subnets, but if you seed the patches on a single computer on each subnet ahead of time, then the rest of the devices should be able to pull their patches from that device when it's time to patch. I use a similar method when patching our remote offices scattered all over the world, some with relatively small WAN connections. I have a pilot group of computers that I deploy to first, with one or several (for the larger sites) computers at each site that get patched ahead of time. For this initial wave, you can adjust the bandwidth settings in the agent behavior to a lower percentage to reduce the load on the connection when they download from the core. You'll need to have a couple of different patch and distribution settings deployed in your environment to make this method work, but it's not too complicated.
When using the peer-to-peer, here are a few things to consider:
- The computers that you use to seed with patches during the initial wave should be desktops or devices that tend to be left on round the clock or all day so they are available when other computers are looking for patches
- You could uncheck the box for "Allow source" for the computers being patched after the initial wave of computers, to make sure they don't go back to the core server to download the patches
- If you do that though, you'll need to make sure to deploy patches less than 7 days after the initial wave, otherwise the sdmcache will purge the files and they will not be available (this is default, but can be changed with a registry edit I believe)
- Also, if there are any patches that are needed that did not get patched on one of the devices in the initial wave, then they will not be available for the peer-to-peer sharing (depends on software installed, OS version, etc.)
- Make sure to consider the bandwidth throttling for each wave/group of computers you patch. You can throttle the connection to the core way down, and then leave the peer-to-peer bandwidth higher to help mitigate network congestion when patches are deployed
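
A pre-deployment check for the seeding plan described in the reply above, as an added example that is not part of the original thread or of any vendor tooling. The inventory format, hostnames and addresses are constructed, and the code assumes that peer downloads stay within a subnet and that the 7-day cache purge default mentioned above is unchanged.

```python
import ipaddress
from collections import defaultdict
from datetime import date

CACHE_RETENTION_DAYS = 7  # assumption: default purge window from the post, not changed

# Constructed inventory: (hostname, address/prefix, always_on, in_initial_wave)
INVENTORY = [
    ("nyc-desk-01", "10.10.1.21/24", True, True),
    ("nyc-lap-07", "10.10.1.88/24", False, False),
    ("nyc-desk-14", "10.10.2.15/24", True, False),
    ("lon-lap-03", "10.20.1.40/24", False, True),
    ("lon-desk-02", "10.20.1.41/24", True, False),
]

def seed_coverage(inventory):
    """Classify each subnet by whether it has a usable seed device."""
    subnets = defaultdict(list)  # network -> [(host, always_on, seeded)]
    for host, cidr, always_on, seeded in inventory:
        net = ipaddress.ip_interface(cidr).network
        subnets[net].append((host, always_on, seeded))
    report = {}
    for net, devices in subnets.items():
        seeds = [d for d in devices if d[2]]
        if not seeds:
            # With "Allow source" unchecked, later waves here have nowhere to pull from.
            report[str(net)] = "no-seed"
        elif not any(always_on for _, always_on, _ in seeds):
            # Seed exists but may be powered off when peers look for patches.
            report[str(net)] = "seed-not-always-on"
        else:
            report[str(net)] = "ok"
    return report

def wave_within_retention(seed_date, deploy_date, retention=CACHE_RETENTION_DAYS):
    """True if the follow-up wave runs less than `retention` days after seeding."""
    return 0 <= (deploy_date - seed_date).days < retention

if __name__ == "__main__":
    for subnet, status in sorted(seed_coverage(INVENTORY).items()):
        print(f"{subnet:16} {status}")
    print(wave_within_retention(date(2024, 3, 1), date(2024, 3, 8)))
```
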