Policy Best Practices › Create a Content Update Policy

Create a Content Update Policy

The Content Update policy lets you configure how Content Updates are downloaded and distributed to CA TM client machines. If you are using CA TM in a tiered implementation, you should create a Content Update policy for each tier of machines in your organization. This means you would create a policy for your Tier 1 machine, the CA TM Server, tier 2 Redistributions Servers, tier 3 high risk machines, tier 4 regional Redistribution Servers, and finally tier 5 laptops, desktops, and other CA TM client machines.

Note: In a tiered implementation, the CA TM Server is typically your Tier 1 machine, but is considered a client to your tier 2 Redistribution Server(s). This means it should not be polling the CA Content Update Server, but instead getting its updates from a tier 2 Redistribution Server.

Recommendation: Plan the layout and location of all Redistribution Servers for your organization before you begin creating your Content Update policies.

To create a Content Update policy

1. On the Policy Management tab, select Common from the tree.

   The Common page appears in the right pane.

2. Select Content Update.

   The Content Update tabs appear on the right side of the page.

3. Click New and enter a policy name in the description field of the Policy tab.
4. Click the Update Scheduler tab and choose the appropriate settings for the policy you are creating.

   The Update Scheduler tab determines how frequently polling occurs. The initial poll takes place at system startup and subsequent polls occur as specified on this tab.

   Recommendation: Establish a balance between polling too often (for example, every 5 minutes) and not often enough (for example, every 72 hours). The objective is to ensure that every computer can easily access Content Updates and that there is time to distribute the updates across the enterprise.

   For example the timing of polls should be similar to the following example:

   • For tier 2 Redistribution Server(s) that poll the CA Content Update Server, set the time to 00:00. Repeat the poll on an hourly basis.

     

   • For tier 3 high risk machines, set the time counter to 00:15 to pull their updates from tier 2 Redistribution Servers. This should allow adequate time for the tier 2 servers to download and make the updates available.
   • For tier 4 machines, set the time counter to 00:30 to pull updates form tier 2 Redistribution Servers.
   • For tier 5 client machines, set the time counter to 00:45 to pull updates from tier 4 machines.
5. Repeat this process for the Components, Download Settings, Redistribution Components, Legacy Components, and Redistribution Server tabs.

   The Components tab lists the individual components to download and make available. The list includes updates for the scanning engine and base products.

   • Components

     Specifies the individual components to download, including updates for the scanning engine and base products.

     Note: When selecting components, make sure to select the components for the next lowest tier of machines. For example, if you are creating a Content Update policy for a Tier 4 regional Redistribution Server, you must choose the components for the Tier 5 laptops, desk tops and CA TM clients. Otherwise, the tier 5 machines that pull updates from this server will not receive the correct update components and will be out of date.

   • Download Settings

     Specifies the servers from where updates are retrieved. Up to six servers can be specified.

     In a small organization, your Download Setting might consist of a single Redistribution Server followed by the CA Content Update Server.

     In a tiered implementation, you will most likely have multiple Redistribution Servers in the Download Settings. For example, a high availability policy for a CA TM client machine in large organization might look similar to this:

   1. A regional or local Redistribution Server as the first server to contact for updates
   2. A 2nd regional or local Redistribution Server
   3. A remote Redistribution Server located at corporate headquarters
   4. The CA Content Update Server at etrustdownloads

      The URL for the CA Content Update Server is http://etrustdownloads.ca.com:80 (port 80).

6. After completing the policy settings, click Apply to save the policy.
7. Click Assign in the Policies area of the page.

   The Assign Branches dialog appears.

8. Select the branch to assign this policy to and click the right arrow.
9. Click Assign Branches.

   The policy is assigned to the specified branches.