How To: Configure a UNC based Distribution Server

Version 5

    Purpose

     

    This document is a guide on how to set up a new distribution server or modify an existing one.

     

    Description

     

    Distribution Servers can be created and modified under Tools > Operations > Distribution Servers in Protect 9.2 and Tools>Options>Distribution Servers in Patch for Windows 9.3. Any currently defined distribution servers are displayed in the top pane.

     

    Protect 9.2

    Screenshot_72.png

     

    Patch for Windows 9.3

     

     

    Creating a new Distribution Server

     

    To create a new Distribution Server, you first need a file share to sync to.  This can be located on any Windows OS, even the Protect Server.  Right click on the folder you want to be the DS, and go to Share with > Specific People. This is also under Properties > Sharing > Share. Note down the network path.

    Screenshot_74.pngScreenshot_75.png

    Once you have a file share, you can turn it into a Distribution Server. Go to Tools > Operations > Distribution Servers, and click New in the upper left hand area. For a basic Distribution Server, provide the network path(UNC), and credentials with the appropriate permissions. The needed permissions are listed above each credentials field. You can test these settings by clicking Test connection, which will return Connection succeeded if all is well, or an error message if it fails. Press Save to save your settings.

    Screenshot_76.pngScreenshot_77.png

     

    Scheduling Distribution Server syncs:

     

    Now that you have a Distribution server(DS), you'll want to set up an scheduled synchronization so that the Protect Console will move patch file and core files to the DS. To do so, select the Distribution Server from the top pane, then select the type of sync on the upper bar, and select "Add scheduled sync"

    Screenshot_80.png

     

    • Core Engines/Definitions: This moves over core files such as stdeploy.exe as well as patch definitions. If you have agents using this Distribution Server, you should have this sync added to ensure your agents have the most up to date patch metadata.
    • Patch Downloads: This moves over patch installation files. You will need this type of sync for both agent and agent-less deployments using this Distribution Server
    • Threat Engines/Definitions: This moves over core files such as the Shavlik Threat engine, as well as updated threat definitions. If you have agents using this Distribution Sever that also provide anti-virus, you should have this sync added to ensure your agents have the most up to date threat definitions.

     

    Note: Anti-Virus support ends September 30th, 2016

     

    Once you click Add scheduled sync, you'll be prompted to determine your sync schedule. Once you do, press Save, and your sync will show up under Scheduled automatic synchronization.

     

    Screenshot_81.pngScreenshot_83.png

     

    Editing an existing Distribution Server

     

    Before you edit an existing Distribution Server, you need to establish whether this Distribution Server is already in use.

     

    If your distribution server is in use, any changes made will update either the agent policy or the agents affected. If you don't want these changes to occur immediately, you need to do one of 2 things before you make changes:

    • Change the agent policy to a different DS, or Vendor Over Internet. You can do this without updating the agents by selecting "Save" in the agent policy, instead of "Save and update agents". This way you can feasibly make changes without impacting your agents as long as you make changes quickly.
    • Make a new DS, and then change the agent policies to use that DS.

     

    Change the agent policy

     

    If you choose this method, you will need to change the agent policies using the Distribution Server in the manner explained above. Once you do that, go to Tools > Operations > Distribution Servers, select your Distribution Sever and next to New in the upper left hand corner, select Edit.

    Screenshot_84.png

     

    Make a new DS

     

    If you choose this method, you just need to follow the directions above to make a new Distribution Server, and then update your agent policies accordingly.

     

    Additional Information

     

    You cannot have 2 Distribution Servers with the same name. Protect will provide an error stating "The name <name> already exists. Please select a unique name".

     

    Screenshot_85.png

     

    Other distribution server types exist for specific use cases. More information about these other options can be found in these articles:

    Configuring Authenticated SMB Distribution Servers

    Configuring Authenticated HTTP Distribution Servers

    Configuring Authenticated HTTPS (SSL) Distribution Servers

     

    The following articles provide information about how to use distribution servers, and troubleshooting common issues:

    Troubleshooting Distribution Server Synchronization

    Test Connection For A Distribution Server Errors Out When Using Credentials That Are Tied To A Microsoft Account

    How To: Configure an Agent Policy to Use a Distribution Server

    How To: Manually Synchronize Distribution Servers

    HTTP Distribution Server, Not Able To Download Files

     

    Affected Product(s)

     

    Protect 9.2.x

    Patches for Windows Servers 9.3.x