I’m currently going through an exercise to re-evaluate our relay infrastructure in line with some Data Centre moves and a shift in where endpoints are now compared to when our infra was built.
It’s been a seriously interesting exercise, but it’s apparent that the BigFix worlds we all built maybe only 5 or more years ago are now in a very different place in terms of requirements.
Windows patches have increased in size, RHEL patches have increased in size and in quantity, and of course we’re now patching things like middleware, apps and even more besides.
So, I’m curious, based on today’s patching needs from Windows and Unix-based OSes, what are you all doing in relation to specs for your Primary (Top Level) Relay servers? Do you feel they still meet your needs or have you had to increase their specs a lot over the past couple of years?
Assuming you want to cache the OS patches - how are you accounting for that now too?
I know there’s a sizing guide out there, but this is more a general community feel and discussion I’m after than some set-in-stone guides.
Hi John, doing a similar exercise here, as we have had a significant reduction in on-prem servers, resulting in an increase in connections to remote failover/regional relays, and using workstations as relays isn’t reliable due to the nature of evening shutdown, power saving etc. and just general coverage for the vast number of address spaces we have. We are looking at leveraging PeerNest as the workhorse for file distribution, which should then reduce the client need to pull content from a relay, thus reducing the time clients spend consuming a relay connection, and the patch binaries are pulled across the local LAN… so hopefully a win-win.
Our top-tier relays exceed 5k devices, not concurrent connections, but we easily see 20k devices showing the same relay, but that is covering the entire timezone spread. We also have to limit distance for auto selection to 3 hops, due to connections to very remote sites that may be 4 or 5 hops being on expensive links, and no way do we want office devices hitting a relay at the end of a VSAT link just because it had fewer hops than a relay that is in an office 2 blocks away but with higher hops.