Starting from version 13.00, Business Suite products are switching to GUTS2 as a replacement for BackWeb to download virus definition updates. From now on Policy Manager will use GUTS2 to download all needed updates, including those for 12.x Client series and previous.
GUTS2 is the new updates delivery infrastructure from F-Secure to distribute updates worldwide for all company products. Compared to BackWeb, it is more efficient in delivering diffs, as well as being more proxy friendly and easier to maintain. GUTS2 also features a global identifier for updates, which eliminates downloading full updates when switching between the F-Secure Cloud and Policy Managers.
Note: The Policy Manager Server will keep distributing updates via both BackWeb and GUTS2 protocols as long as older clients are supported.
Update diff handling
In the GUTS2 protocol, Policy Manager does not have to generate diffs on its own, saving CPU and IO resources, but rather relies on the cloud infrastructure to fetch diffs. The amount of diffs stored in the cloud is significantly larger than with on-premise diffs generation (for example: ~200 versions for Aquarius updates).
With the new protocol, on-demand downloads have been enabled to download only the relevant updates. For example, in environments without Linux products, the Policy Manager Server will not maintain Linux updates.
Note: No updates are requested from the Internet when computers are not in use. Every GUTS2 update is downloaded only when requested. This may cause a slight delay for the first client requesting an recently released update.
If another client connects to the Policy Manager requesting a diff from the same previous version, an update is served immediately.
If a client was offline and missed one or several updates, it requests a diff from the previous version in use and repeats steps 3-6; this is the reason why the updates cache for each version might contain several diffs from different previous versions.
The Policy Manager Server (PMS) maintains a cache of downloaded updates, which typically occupies 2-3GB of disk space. The PMS keeps a certain number of updated versions (10 by default); however, it is not equivalent to 'num_old_versions_to_compare' parameter in the AUS server.cfg configuration file. Saved versions are used only for re-building full updates, so changing the number of versions to keep will only make refreshing stored full content either more or less frequent.
When a new (11th in the default configuration) version is downloaded, the first (oldest) one is removed. If the oldest version contains full update content, and it is the only version with full content, the PMS builds full content for the newest version (requests required diffs from the F-Secure Cloud, if needed), and drops the old version completely.
To limit the cache size, Policy Manager maintains just 2 full archives for the channel which resides in the latest 2 versions. Every successful content building is followed by a clean-up procedure. It checks for the left content/archives and removes redundant (more than one full content and more than two archived out of the latest 2 versions).
<F-Secure installation folder>\Management Server 5\data\fspms.proxy.config
<F-Secure installation folder>\Management Server 5\data\guts2\updates
<F-Secure installation folder>\Management Server 5\logs
<F-Secure installation folder>\Management Server 5\config\channels.json
Updates for older clients are not downloaded if there are no clients with AUA component of 9.x and older versions in the environment.
To modify the default number of versions to keep in the updates cache, use the additional Java argument: '-DkeepGuts2UpdatesCount=n'
To modify a default 10 minutes interval for refreshing updates metadata from F-Secure, use the additional Java argument: '-DupdatePollingInterval=n' (where n is minutes)
The PMS limits the number of concurrent downloads of potentially large packages (50 by default) it serves to hosts. GUTS2 archives have also been included in the list of "protected" traffic types; these are now: installation packages, SWUP updates, SWUP databases and GUTS2 archives. Use '-DmaxSynchronousPackageRetrievalRequests=n' to change the default limit.
Windows AUA is automatically uninstalled during upgrade when no longer needed for other products like Server Security.
Linux AUA has to be manually uninstalled if not needed anymore; for example, for Linux Security.