Optimize network bandwidth usage in large multi-site corporate environments
Symptoms
As more updates are released per day to maintain a high protection level, you may notice an increase in network bandwidth usage. Policy Manager Proxy (PMP) installations are especially affected, because of the additional strain on the likely slower network connection between the remote site hosting the PMP installation(s) and the main corporate site with the Policy Manager Server (PMS). Network bandwidth usage can be especially high when computers are turned on on Mondays, as the update packages accumulate over the weekend.
Diagnosis
By default, the Automatic Update Server (AUS) in the PMS calculates byte-level differences for the last five update packages (per update channel). If computers were turned off over the weekend, client machines have missed five updates, and the PMS will then download a full update package (Aquarius Windows updates can be approximately 140 MB in size). When this happens, network bandwidth usage can be excessively high.
Solution
- Increase the number of byte-level difference files stored by the PMS
For Windows
- Stop the Automatic Update Agent (AUA) and Automatic Update Server (AUS) in the command prompt: net stop fsaua, net stop fsms
- Open [F-Secure Installation Path]\FSAUS.PM\conf\server.cfg in Notepad.
- Find the key num_old_versions_to_compare, change the value to 50, and save the file.
- Start the Automatic Update Agent (AUA) and Automatic Update Server (AUS) in the command prompt: net start fsaua, net start fsms.
For Linux
- Temporarily stop the cron/crond daemon, to prevent a new update from starting, by executing:
# /etc/init.d/cron stop
or
# /etc/init.d/crond stop
- Check if an update has started and is already running by executing the following command:
# ps -C fsauasc
The command indicates whether the "fsauasc" application is running. If the process is listed, wait a few minutes and repeat the step.
Note:
Only proceed with the next steps when the "fsauasc" process is no longer visible on the list.
- Stop the Automatic Update Agent (AUA) by executing:
# /etc/init.d/fsaua stop
- Stop the Automatic Update Server (AUS) by executing:
# /etc/init.d/fspms stop
- Open /etc/opt/f-secure/fsaus/conf/server.cfg.
- Find the key num_old_versions_to_compare, change the value to 50, and save the file.
- Start the Automatic Update Agent (AUA) daemon (root privileges required):
# /etc/init.d/fsaua start
- Start the Automatic Update Server (AUS) daemon (root privileges required):
# /etc/init.d/fspms start
- Start the cron/crond daemon by executing:
# /etc/init.d/cron start
or
# /etc/init.d/crond start
The overall disk space requirement for PMS increases. We estimate the disk consumption to increase by 10GB. Make sure the hard disk hosting the Policy Manager Server installation (Program files\F-Secure\Management Server 5\) has enough disk space.
- Increase the cache size available on the PMP for storing files
For Windows
Use the Advanced mode in Policy Manager Console (View > Advanced mode) to edit the setting.
- Go to F-Secure Policy Manager Proxy > Settings > Communication > Cache size.
- Increase this to 5000 (5GB) and distribute new policies. The default setting is 500.
Verify the setting on all Policy Manager Proxy systems and adjust the settings, if needed. The setting specifies how much disk space is set aside for storing databases on the Policy Manager Proxy.
For Linux
As Policy Manager Proxy on Linux is not centrally managed, the change involves modifying a configuration file that exists on the Policy Manager Proxy system locally.
- Stop the Policy Manager Proxy by giving the command:
# /etc/init.d/fspmp stop
- Open /etc/opt/f-secure/fspmp/conf/proxy.cfg.
- Find the key max_cache_size, and change the value to 5000: max_cache_size=5000.
- Start the fspmp daemon (root privileges required):
# /etc/init.d/fspmp start
These steps for both Windows and Linux ensure that the cache size available on the PMP for file storage is increased.
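The two Linux procedures above (server.cfg on the PMS and proxy.cfg on the PMP) can be scripted as follows. This is an added example, not part of the original article or of F-Secure's tooling; the function names are hypothetical, and it assumes server.cfg uses the same key=value line format the article shows for proxy.cfg.

```shell
#!/bin/sh
# Added example, not F-Secure code. Assumption: server.cfg holds key=value
# lines, the format the page shows for proxy.cfg (max_cache_size=5000).
PMS_CFG=/etc/opt/f-secure/fsaus/conf/server.cfg
PMP_CFG=/etc/opt/f-secure/fspmp/conf/proxy.cfg

# set_cfg_key FILE KEY VALUE: set KEY to VALUE, appending the line if the key
# is absent. Other lines are untouched; the original is kept as FILE.bak.
set_cfg_key() {
    file=$1 key=$2 value=$3
    cp -p "$file" "$file.bak" || return 1
    awk -F= -v k="$key" -v v="$value" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { print k "=" v; found = 1; next }
        { print }
        END { if (!found) print k "=" v }
    ' "$file.bak" > "$file"
}

# The cron init script is named cron or crond depending on the distribution.
cron_ctl() {
    if [ -x /etc/init.d/cron ]; then /etc/init.d/cron "$1"
    else /etc/init.d/crond "$1"; fi
}

# PMS: keep 50 byte-level difference files. Services are restarted even if
# the edit fails, and the edit's exit status is returned.
apply_pms() {
    cron_ctl stop
    # Wait until no update run (fsauasc) is listed before stopping services.
    while ps -C fsauasc >/dev/null 2>&1; do sleep 60; done
    /etc/init.d/fsaua stop
    /etc/init.d/fspms stop
    set_cfg_key "$PMS_CFG" num_old_versions_to_compare 50; rc=$?
    /etc/init.d/fsaua start
    /etc/init.d/fspms start
    cron_ctl start
    return "$rc"
}

# PMP: raise the local cache size to 5000.
apply_pmp() {
    /etc/init.d/fspmp stop
    set_cfg_key "$PMP_CFG" max_cache_size 5000; rc=$?
    /etc/init.d/fspmp start
    return "$rc"
}

# Nothing runs unless asked: sh script.sh pms | pmp (as root).
case "${1:-}" in pms) apply_pms ;; pmp) apply_pmp ;; esac
```

If an edit goes wrong, the previous configuration is available as server.cfg.bak or proxy.cfg.bak next to the edited file.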
- Adjust the F-Secure Anti-Virus client configuration
In case the client is unable to connect to the Policy Manager Proxy, for example due to high network traffic and multiple downloads taking place, the following setting dictates how soon the client attempts to connect directly to the Policy Manager Server to download updates.
To help prevent clients from immediately falling back to downloading updates directly from the PMS:
- In the Policy Manager Console, go to F-Secure Automatic Update Agent > Settings > Communications > Policy Manager Proxies > PMP Proxy fallback time.
- Configure this setting to a higher value (7 hours is suggested).
The default value is zero, which means fallback to the PMS takes place immediately if the Policy Manager Proxy installation cannot be reached.
These steps should ensure database updates are only downloaded via the PMP.