Patch scanning slow over WAN (can it be addressed?)
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
Patch scanning slow over WAN (can it be addressed?) - 3.Oct.2008 2:44:07 PM
|
|
|
jgreen
Posts: 5
Joined: 3.Oct.2008
Status: offline
|
Hello,
We are currently evaluating NSS, and it seems to be one of the easiest and most thorough scan and remediate tools on the market (we are looking to replace SCCM, and we can't stand Shavlik or other products). There is only one gotcha:
I know this topic has been posted before, and the solution recommended was to install NSS at the remote sites. In our case, this is not feasible. We have about 30 remote sites, with 4 servers each. We do not want to manage 30 NSS's for remote sites. And doing a scan from our Datacentre on over 100 remote servers takes HOURS, which cuts into our "patch window".
We have tried the "Slow Network" profile, and it makes no difference. Playing with timeout values and such doesn't help either. Anything we try (ONLY scanning for missing patches) takes about 20 minutes per host.
Why is it that deploying patches to these same hosts takes minutes, but scanning (for patches ONLY) takes so long? Some of our WAN links are 10mbps. Ping times and accessing remote shares on these systems is normally fast, but NSS and its scan or WMI query takes forever. I would love to convice management to purchase this product, but I'm going to be a bit red-faced when folks see how long it takes for NSS to scan our remote sites (we have a very tight remediation window).
Can this issue be escalated or further investigated? Is it a remote registry or WMI problem, and not NSS?
Any feedback would be appreciated. Once again, I'd like to say that GFI Languard NSS is a great product, one of the best we have evaluated., and I'm not trying to rain on the GFI parade. I want this product badly :)
Julian,
Toronto, Canada
|
|
|
|
|
RE: Patch scanning slow over WAN (can it be addressed?) - 3.Oct.2008 4:24:16 PM
|
|
|
DrewE
Posts: 476
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
|
GFI Languard Network Security Scanner has had trouble scanning across WAN links. It is an issue we are aware of. There is currently a beta of version 9 available, which may be resolve many of these issues. I would recommend installing the beta on a test machine and find out of it scans the machines across the WAN any faster than your version 8 software currently.
_____________________________
Drew Easley - Technical Support Representative
GFI Software - www.gfi.com
|
|
|
|
|
RE: Patch scanning slow over WAN (can it be addressed?) - 3.Oct.2008 4:58:37 PM
|
|
|
jgreen
Posts: 5
Joined: 3.Oct.2008
Status: offline
|
Just tried the beta 9 edition, and WAN scanning times are the same. Anywhere from 15-20 minutes on a single host (patches only).
Everything just zips along in the activity window, then it gets to the "Starting missing patches detection", and the 'estimated scan time" counter freezes, and 15 minutes later....it finishes.
Our challenge is this: We have a tight patch window on a Sunday morning, between the hours of 6am and noon. While there is no issue scanning our systems ahead of time, after we deploy the patches starting at 6am, we must rescan to verify our patch success. The rescan would take several hours, and we may not be able to address missed systems or manual patch installs by the time our window ends. (Datacentre and LAN is no issue, but WAN scans could take 4-5 hours)
Nonetheless, it is a great product, and we are hoping to do a proof of concept on our next patch weekend. Cheers!
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
