Patch Management Group

 View Only

How to configure peer-to-peer downloading in IT Management Suite? (Windows only) 

Dec 16, 2016 02:57 AM

About peer-to-peer downloading feature

The peer-to-peer downloading feature is available starting from IT Management Suite version 8.0 HF5.

The peer-to-peer downloading feature lets you download and distribute the software delivery and patch packages to Windows computers. It minimizes the software delivery time and provides you with a reliable software delivery to all endpoints. The peer-to-peer downloading feature significantly reduces the load on the network and on the IT Management Suite infrastructure.

You can benefit from this feature when distributing the Windows cumulative updates or other software packages to your Windows client computers. You can also use this feature when managing the Windows 7, 8, and 10 devices at sites with low-bandwidth connections and no dedicated package servers.

 

image001_14_0_0_0.png

The peer-to-peer downloading feature is not supported in Deployment Solution.

 

Note that peer-to-peer downloading is different from multicast downloading. The idea of multicast downloading is to temporarily use one regular client computer as a package server which downloads a package from Notification Server and then transmits it to the other client computers. In peer-to-peer downloading, the peer computers find each other, request the information about the packages, and download the package from the peer computer that has the required package available.

 

image001_14_0_0_0.png

You cannot use multicast downloading and peer-to-peer downloading simultaneously.

 

The concept of peer-to-peer downloading is as follows:

Symantec Management Agent discovers the peers.

After you enable peer-to-peer downloading, Symantec Management Agents discover peers by sending broadcast or unicast HTTP messages and join the Distributed Hash Table (DHT) network.

HTTP server stores the list of packages.

The HTTP server is part of the Symantec Management Agent process. It starts automatically after you enable peer-to-peer downloading.

The HTTP server stores the list of package GUID-s with their associated states.

The Package Delivery component on Symantec Management Agent informs the HTTP server about the folder where the downloaded packages are stored and about the state of each package.

DHT provides the package information to the peers.

The DHT algorithm uses the list of packages from HTTP server to generate the information for the peers in the DHT network.

When the peers look for a specific package, they look for the state of the package and the location of the package in the DHT network.

Package Delivery downloads the packages.

When the Package Delivery must download a package, it first looks for the GUID of the required package in DHT. DHT responds with a list of peer computers where this package is being downloaded or already available.

If the package is being downloaded on one of the peer computers, the Package Delivery retries to download the package from this peer later.

If the package is already available on some peer computers, the Package Delivery attempts to download the package from one of these peers. Once the package is downloaded, the computer changes the state of this package in DHT to "ready".

When the Package Delivery cannot find the required package on the peer computers, it changes the state of this package in DHT to "downloading" and starts downloading the package from Package Server or Notification Server. When the download of this package finishes, its state is changed to "ready".

 

Configuring the settings for peer-to-peer downloading

You configure the peer-to-peer downloading settings in the Symantec Management Console, on the Targeted Agent Settings page, on the Downloads tab.

image001_14_0_0_0.png To ensure that the peer-to-peer downloading works efficiently, Symantec recommends the following additional configuration:

Keep the packages on the client computer for at least one week.

Peer-to-peer downloading does not function or functions with limitations if you remove the package from the client computer immediately or after a few days.

To avoid this issue, you must configure the Package files will be deleted from the client computer if unused for option as required. The suggested minimum period for the package to be stored on the client computer is 1 week.

You can configure this option in the Symantec Management Console, on the Symantec Management Agent Package page.

To access this page, in the Symantec Management Console, on the Settings menu, click All Settings, and then in the left pane, expand Settings > Agents/Plug-ins > Symantec Management Agent > Windows.

P2P_4.png

Configure a schedule for the installation of the Windows 10 feature updates.

Peer-to-peer downloading does not work efficiently if you configure the Windows 10 feature updates to be installed ASAP. In this case, each computer would start installing the feature update right after the package download. During the update installation, the Symantec Management Agent is inactive and not able to distribute the downloaded feature update to its peers. As a result, numerous agents download the feature update directly from Package Server or Notification Server.
Symantec recommends setting specified time for the update installation to give computers enough time to distribute downloaded feature update to their peers.

You can configure this option in the Symantec Management Console, on the Default Software Update Plug-in Policy page.

To access this page, in the Symantec Management Console, on the Settings menu, click All Settings, and then in the left pane, expand Agents/Plug-ins > Software > Patch Management > Windows.

P2P_7.png

Alternatively, you can configure this option for the specific software update policy.

P2P_6.png

 

To configure the settings for peer-to-peer downloading

  1. In the Symantec Management Console, on the Settings menu, click Agents/Plug-ins > Targeted Agent Settings.
  2. In the left pane, select the policy for which you want to configure the peer-to-peer downloading settings.
  3. In the right pane, on the Downloads tab, under Peer-to-peer Downloading Configuration Settings, configure the settings.
    P2P_download.png
    Note that the default settings are suitable for most of the environments. However, if you notice too many direct downloads or long package delivery period, you may need to customize the settings. The settings for peer-to-peer downloading are as follows:

    Allow Symantec Management Agents to download packages from peer computers

    Enables the peer-to-peer downloading functionality that allows the client computers to download packages from their peers.

    Note that only the peer computers that are managed by the same Notification Server can download packages from each other.

    TCP/UDP port

    HTTP server listens to the TCP port. Peer discovery engine listens to the UDP port. The same port number is used for both.

    HTTP request timeout

    The period that the HTTP server should wait for the peer commands or file download requests from peer computers to arrive. If the request is not completed in a specified time, it is canceled with a timeout error.

    Note that if the timeout period is short (5-10 seconds), the slower client computers may drop out of the DHT network.

    Maximum upload bandwidth

    The maximum upload speed that the uploading peer can share between downloading peers.

    Maximum download bandwidth

    The maximum download speed that the Symantec Management Agent can use when downloading a package from a peer computer.

    Note that this value is independent from the general throttling value. For example, if you set the general throttling to 500 KB/s and peer-to-peer downloading throttling to 10 MB/s, the bandwidth is limited to 500 KB/s while downloading from Notification Server or Package Server outside the subnet, but the peer-to-peer downloading traffic inside the subnet has 10 MB/s bandwidth.

    Maximum number of requests per core

    The maximum number of simultaneous requests from the peer computers that the HTTP server can process.

    Note that this setting is per CPU core. For example, if you enter 5 for this option, the computers with dual core processor will have a total limit of 10 requests.

    Maximum number of connections

    The maximum number of simultaneous connections that the HTTP server allows.

    This option lets you limit the number of the client computers that can simultaneously connect to a peer.

    Total log size

    This option controls the total size of HTTP log files. The size of a single log file is 1 MB.

    Peer announcement interval

    A period after which Symantec Management Agent sends out a broadcast packet to its peers.

    Unavailable peer timeout

    A period after which a peer computer is considered as unavailable since it sends no broadcasts and does not answer to the requests.

    Additional subnets to discover

    Additional network segments for peer engine to discover.

    Note that the peers try to connect directly to the added subnets. Add the subnets only if the communication between the network segments is expected. If you expect communication only between very specific set of subnets, create a dedicated Targeted Agent Settings policy with additional subnets and target it correspondingly.

    Maximum number of peers per download attempt

    The maximum number of peers from which the client computer tries to download the package.

    Symantec suggests increasing this number if the computers often go offline.

    Maximum download attempts per package

    The maximum number of attempts to download a package using peer-to-peer downloading. Each attempt consists of selecting the specified number of peers and then attempting to download the package from each peer.

    If all the attempts fail, the Package Delivery will download the package directly from the Package Server or Notification Server.

    Period between download attempts

    The interval of peer downloading attempts.

    Note that the timeout period for peer downloading does not increase. When a client computer downloads a package from Notification Server or Package Server, the timeout period increases on each attempt.

    File block download progress on peer

    This option lets you configure how often a peer computer notifies its peers about the package download progress.

    A peer computer downloads a file block by block. The size of each block is 2MB by default. The peer computer sends notifications about the package download progress after a specified period of time. If download of a file block is completed, other peers can start downloading it.

    Don't use peer-to-peer downloading

    In certain cases, you can disable using the peer-to-peer downloading.

    For example, if the computers are outside of the internal network and use Cloud-enabled Management for communicating with Notification Server.

  4. Click Save changes.

For more information about the peer-to-peer downloading, see the following knowledge base article:
http://www.symantec.com/docs/DOC9473

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Mar 09, 2018 03:25 PM

ITMS 8.0 HF5 is the version where p2p was introduced and where it works across all subnets.

You would need to apply an update where the subnet isolation is implemented (i.e. p2p works only in subnets that are available through peer’s network adapters directly).
All cumulative pointfixes to ITMS 8.0 HF6 include this change.

Pointfixes are available at the following URL:

https://support.symantec.com/en_US/article.INFO4241.html

Mar 09, 2018 05:33 AM

Hi Triinu

We are on ITMS 8.0 HF5

In a client SMA with diags turned on I can see pages of peer info - see attached

 

 

Mar 09, 2018 03:19 AM

Actually, the very first version of p2p and the latest versions work a little differently. So, would be good to know which version of ITMS do you use?

Also, as JoeVan mentioned, the “Peer Downloading” tab in diagnostics UI (in Symantec Management Agent) shows which subnets are available to the client.

Just in case, I'll add the steps for enabling the Diagnostics mode in SMA:

  1. On the client computer, open a command prompt window as an administrator and go to the following directory:

    install_path\Program Files\Altiris\Altiris Agent

  2. Run the following command: Aexnsagent /diags

  3. On the Symantec Management Agent toolbar, click View > Diagnostics.

 

Mar 08, 2018 02:11 PM

When you enable peer to peer, by default peer transfers only happen within the same subnet.  You can configure additional subnets to tie subnets together but you should not see peer to peer traffic traveling the WAN.  

If you want to see the local peers for a specific agent, you can enable Diagnostics within the agent and then you can open a "Peer Downloading" tab to see the P2P info. 

Mar 08, 2018 02:10 PM

When you enable peer to peer, by default peer transfers only happen within the same subnet.  You can configure additional subnets to tie subnets together but you should not see peer to peer traffic traveling the WAN.  

If you want to see the local peers for a specific agent, you can enable Diagnostics within the agent and then you can open a "Peer Downloading" tab to see the P2P info. 

Mar 08, 2018 01:46 PM

There is a question already about subnets but I'll try and frame mine differently

As is normal in a large company environment we have many sites in many places around the world. It seems that peer to peer is working across WAN links to any of the known company subnets. How can you tell it to just work locally - i.e. inside 255.255.255.0 local to itself.

 

 

 

Aug 23, 2017 06:51 AM

Hi!

in addition to this article, I have posted answers to the frequently asked questions about peer-to-peer downloading at:

https://www.symantec.com/connect/articles/frequently-asked-questions-peer-peer-downloading-it-management-suite

Jul 27, 2017 07:49 AM

Using 8.0 HF6 we see te package servers seems able to populate its own 'packages repository' from multiple others package servers, and not only the NS (That is really nice !)

It will make sense to allow the use of P2P to get data's more locally, so if it is not, I vote for this as a feature request

May 11, 2017 11:09 PM

Will P2P package distribution allow a Package Servers to receive packages from clients into its local package cache, or can/will a Package Servers only replicate from a central source through traditional channels such as SMB/HTTP?

Our scenario is this: we have a sysadmin who rotates between high- and low-bandwidth sites. Their laptop receives a package whilst at a high-bandwidth site - an application, OS patch, etc - and stores it in cache. They then move to a low-bandwidth site. Will the P2P function allow the local package server to pull packages from the laptop's cache as well as over the low-bandwidth link?

Given the size of recent Office and Windows patches (especially), it would be nice to have P2P as a supplemental distribution method for package servers as well as standard clients.

I noticed above: "there will be no interference with PS functionality since p2p server provides packages downloaded via software Management plugin, these packages can be quite different from these provided by Package server", but I don't know if this constitutes "interference".

Mar 22, 2017 08:04 AM

For other subnet(s) to discover, Peer-to-peer settings page has such section to configure itp2p_Subnet.jpg

Mar 21, 2017 03:51 PM

Our environment involves multiple remote sites that are each on their own subnets, and each with their own site server, so I have a question about how the peer discovery process works. With peer to peer turned on, does the Altiris Agent only look for local peers, or will it look across subnets as well?

To illustrate my question, assume you have two sites. Site A contains the notification server, as well as a site server to service a handful of workstations at that site. Site B is a remote site, containing a site server and a handful of workstations, connected by a slow WAN link. With Peer to Peer turned on, if a computer at Site A has downloaded a package, will it become a peer of a computer at site B?

Feb 15, 2017 08:00 AM

Stefan,

I received the following answer to your first question:

"There will be no interference with PS functionality since p2p server provides packages downloaded via software Management plugin, these packages can be quite different from these provided by Package server.

They can even share the same port if p2p is enabled for PS."

Jan 20, 2017 06:51 AM

It maybe does not make sense to enable peer-to-peer on a package server however my question is does it interfere with the "package server" functionality if it would be done?

I would also like to see some best practises / use cases. Is there anything available?

Related Entries and Links

No Related Resource entered.