The most common method of distributing engine and definition updates in Microsoft Forefront Protection 2010 for SharePoint (FPSP) is to use UNC updating where one server (the redistribution server) downloads updates from the Microsoft HTTP server and then hosts those updates for the rest of the servers in your environment (the receiving servers). After the redistribution server downloads an update, any receiving server whose update path points to the redistribution server can download the updates from the redistribution server.

UNC updating is the only supported method for redistribution.

Configuring servers to receive and distribute updates

Before distributing updates, you must configure both the distributing server and receiving servers.

To configure servers to receive and distribute updates
  1. To prepare a server to act as an update redistribution server, you need to establish a Windows share for its Engines folder. For information about the location of the default Engines folder on your operating system, see Default folders.

  2. On the chosen server, enable the redistribution server functionality, and optionally set up UNC authentication user credentials.

    1. In the Global Settings - Engine Options pane, in the Additional Options section, select the Enable as an update redistribution server check box, and then click Save.

      This configures FPSP to save the two most recent engine update packages instead of the usual single engine package. FPSP also downloads the full update package rather than performing an incremental update. The multiple engine packages enable the receiving servers to continue pulling updates from the redistribution server while a new update is being downloaded.

    2. Optionally, create UNC authentication user credentials. It is recommended that you use credentials with the minimum privileges. These should not be domain credentials, and the user should only be granted access to the share.

  3. Configure each receiving server to point to the shared folder:

    1. In the Global Settings - Engine Options pane, in the UNC Authentication section, to enable UNC updating, select Enable UNC.

    2. Optionally, click Edit UNC Credentials in order to display a dialog box where you can specify your UNC authentication user credentials. After specifying your credentials, click OK and then click Save.

    3. In the Global Settings - Advanced Options pane, in the Intelligent Engine Management section, using the Engine management drop-down list, select Manual.

    4. In the Update scheduling section, select the engines and then click the Edit Selected Engines button.

    5. In the Edit Selected Engines dialog box, in the Primary update path field, enter the redistribution server's UNC path (\\ServerName\ShareName).

      The use of static IP addresses within the update path is not recommended or supported. Also note that you can enter the Microsoft download location in the Secondary update path field. Then, if updating by means of the redistribution server fails, the latest updates can still be retrieved from Microsoft by using the Secondary update path.
    6. Click Apply and Close to return to the Global Settings - Advanced Options pane, and then click Save.

Example: Server Ex1 downloads its updates automatically from the Microsoft HTTP server. Ex1 has FPSP installed in the following location:

C:\Program Files (x86)\Microsoft Forefront Protection for SharePoint

You have created a share, called AdminShare, which begins at the Engines folder. Another server, Ex2, receives its updates from Ex1 by using the following primary update path:


Related Topics