Symantec Management Platform (SMP) Community

Expand all | Collapse all

Constrained Package Servers

  • 1.  Constrained Package Servers

    Posted 09-10-2020 02:44 AM
    Hi all,

    Reading up on constrained package servers and found this article from last year: https://knowledge.broadcom.com/external/article?legacyId=tech252734

    It says that constrained package servers without an explicitly designated unconstrained package server source will wait four hours before contacting the NS directly to acquire a package it could not otherwise receive.

    Previously, package replication happened via CEM using a SWD policy which would toggle the Force CEM Gateway registry entry for a few hours each night, but that key has not worked since upgrading to 8.5 RU3, and I've not been able to find an alternative measure.

    Is there a way to extend this timeout, or better still, a way to prevent it entirely? (Short of disabling the Altiris Agent!)
    We have some quite isolated satellite sites in need of careful bandwidth management and standard constraint functionality - which was already problematic, since uPS assigned to constrained sites would sometimes serve requests from clients at the constrained site and create exactly the bandwidth problems we sought to avoid - is no longer fit for purpose.

    Any advice would be appreciated.


    ------------------------------
    --None--
    ------------------------------


  • 2.  RE: Constrained Package Servers

    Broadcom Employee
    Posted 09-11-2020 02:42 AM
    Do you mean "Prefer Secure Gateway Connect" entry? This entry should be working as before in the latest RU3 hot fix or RU4.
    You could also use throttling periods to limit the traffic.
    You could also use blockout functionality to prevent communications to servers instead of disabling Altiris agent.
    Have you tried those? What were the problems?



  • 3.  RE: Constrained Package Servers

    Posted 11-11-2020 02:59 AM
    Hi Sergei,

    Apologies for letting this lapse, busy few weeks.

    Our original method was the Prefer Secure Gateway Connect registry entry (a REG_DWORD value in HKLM\SOFTWARE\Altiris\Communications), that's correct.

    Somewhere along the line that stopped working - we'd toggle the registry entry between 0 and 1 for a few hours each night and packages would replicate over our public internet connection to each site instead of over the (much) slower WAN. Orders of magnitude faster.

    CEM itself still works for mobile clients and such - extremely handy when dealing with a distributed fleet during COVID - but we'renow  no longer able to force the Altiris Agent at our sites to use CEM if it also detects an existing "internal" connection back to our central office, and no amount of fiddling with the other registry entries has led me to a solution. It used to work, and now it doesn't, and that's immensely frustrating, so my next option is to severely throttle all sites until the off-hours.

    I will look into blockout periods - I believe my predecessor had little luck with those, but I will consult with her to confirm. Thank you for the suggestion.

    ------------------------------
    --None--
    ------------------------------



  • 4.  RE: Constrained Package Servers

    Posted 03-22-2021 07:27 PM
    HI all,

    Quick update to this thread: we ended up revisiting the Agent blockout period options for the affected machines, disabling only package downloads for clients until after hours. The site servers themselves have had their traffic throttled to 128KB/s during business hours, and we're hoping Altiris 8.6's CEM improvements will address the concerns we have around CEM no longer behaving as it did in previous versions of the platform (i.e. dynamically switching between WAN and public internet as the conduit for package traffic).

    It's all a bit messy, but it seems to work, and we're content to leave it in place and monitor for now.

    ------------------------------
    Tech Monkey/IT Primate
    ------------------------------