cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3566
Views
0
Helpful
3
Replies

Cisco AMP update procedure

AMA2
Level 1
Level 1

Hello,

 

We use Cisco AMP (cloud) and we have about 4000 endpoints. When we started the endpoints update, a lot endpoints started to update at the same times and our bandwidht was painfully impacted.

 

Can you please share with me an recommended update procedure ? I know some community members use SCCM to do that, It will be nice if someone can share the procedure.

 

Thank you.

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

Instructions for SCCM deployment can be found in the "AMP Deployment Strategy Guide".

 

The latest version is linked from this page:

 

https://console.amp.cisco.com/docs

Jim2k
Level 1
Level 1

How about making a new group with update window set and then just move machines from group to another in staggered allotments.

Thats what i plan on doing in my environment which is over 160k endpoints. This past go around we used SCCM and it had it's own issues where it was supposed to reboot the machine and it did not do it. even thought the sccm logs said it did

Troja007
Cisco Employee
Cisco Employee

Hello,

yes, you are right, we have to improve this feature or the scheduling for Signature updates. We are working actively with Customers/Partners to generate us much as possible feature requests for AMP4E. 

 

Enclosed two things for Tetra.
Bildschirmfoto 2019-01-07 um 08.25.13.png

Details: 

Scheduling must be configured more in Detail. E.g. adding a Time and a random value within a time range 
when the client does the update. When clients are starting the update at the same time this generated high
load in vdi environment (boot storm) or bigger locations.

Wen updating signatures or upgrading the product the update/upgrade mechanism must meet the network topology.
Also if there are time windows where no traffic is allowed on specific WAN links this must be able to
be configured in AMP console.
Companies with many network locations and mobile users are needing a dynamic selection of the update servers. 
The update scheduling must fit the network topology and other organizational needs.

This is also needed to avoid high load on limited WAN links at the customer like radio link connections,
WAN optimization and so on.

So if you agree with this needed updates please contact your Cisco representative to open a feature request.

 

Greetings,

Thorsten
 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: