There has been some discussion in my office about replication shares. We currently have about 16,000 machines. Of these 5,000 machines get software pushes every month or so ranging from 300 MB - 800 MB in size. We will be utilizing patching here in the next few months as well, moving off of our current patching solution for those 5,000. 

My question is this. Is there anyone that chooses not to use replication shares, and if so why? Can you describe your machine count, and environment? How often are you doing pushes with an average file size.

The same question for those of you that do utilize them... machine count, environment, bandwith, how many do you have.

The same for RSAs if used.

I am aware of the setup, and what both Rep Shares and RSAs do. I'm just looking for a general consensus here. 

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

3

as soon you have more than one branch a replication share is a MUST HAVE.

RSA depending on the company. If you have your own IT staff in each branch office it is a good idea, but if you have centralized IT staff, a RSA might not be needed.

My test environment and also our second net is not counting, I don't use both here, as the environment is way too small for it.

Bundling both on the same system is a smart idea but I don't really like the idea, because the RSA should reside on a virtualization box and the virtualization of a NAS is not always a good idea.

Answered 04/22/2013 by: Nico_K
Red Belt

  • I agree, nobody likes what happens when patches/software distributions go corrupt because the machine sharing them is under load doing something else...
  • Nico,
    How many machines do you have? What's considered too small for you?
    • it is only a test lab, most of the systems should not be patched as they will be reinstalled after a couple of days for checking issues etc. Also many VM are there which are not updated. The "production" network there has only a fistful of systems, roundabout 20 or so. My "own" testing lab has also only few systems (2 servers, 3 notebooks and ca 30 vm) this is way too small for a RSA (well there is one running from an older test, I see, but it never was really
      used)
  • In our case, as was recommended by our KACE salesman, we have PCs with slightly beefed up specs running Windows 7 and using VMPlayer to run the RSA. It was suggested that since the PC itself is just a shell for the VM, we could use the hard drive space for the rep share. Would that not be recommended?
    • Depends on the number of machines connecting up. It may be able to take the load just fine. Whenever I do VMs at the workstation level I recommend using a SSD with a decent volume. You get the IOPs you need for these types of operations.
Please log in to comment

Answers

2

We use them in my environment. Our reasons for doing so are pretty simple. It takes the congestion off of our WAN channels to allow for other traffic to move. It improves patching and distribution performance at our remote locations. The only situation where I wouldn't do this was if All my machines were in the same relative LAN segment with the KBOX. Even in this situation I'd still use a share or two just to take some load off of the KBOX. Your experience and results may vary, but for the number of machines you manage I'd be using them in a heartbeat.

Answered 04/22/2013 by: GeekSoldier
Red Belt

  • How many machines vs. rep shares do you use?
  • That's a better question for KACE support, but I know that I manage 330 nodes with a K1100 physical appliance. Our primary reason is the 10Mbps WAN links we use to talk to our remote sites. They range from 7-8 machines up to 60 machines in one location. All the agent chatter still goes over the WAN, but the movement of large files takes place locally. When implementing shares make sure the machine you use can take the hit for the machines that may bombard it.
    • If you have more than 10 systems in a location, you will probably want to use a server OS for the replication share: http://www.kace.com/support/resources/kb/article/creating-replication-shares-recommended-oss
      • Thanks, I wasn't sure where the line was drawn on this, but I gather this has something to do with the default number of connections allowed to a shared folder in Windows?
      • Wow that kind of puts a wrench in our rep share deployment... Thanks for the link, it led to some enlightening research.
  • The limit to 10 machines applied to Windows XP. Windows 7 and Windows 8 both allow 20 connections.
    • According the the certification prep materials I'm using the cap in Windows 7 is still 10 machines.
      • I think there were a couple of early versions of Win7 (32 bit?) that still only allowed 10. You can run "net config server" and it should show you what is available under Max users: http://support.microsoft.com/kb/556004

        If you can use it in your environment, you can run a replication share on Ubuntu 12.04 and it works pretty well.
      • Either way, it's far below what we would require. Looks like we'll be installing Server OS on those PCs...
      • Type winver at a command prompt and look at section 3f. Earlier versions like jknox said below may have only allowed 10.
      • I'm thinking the certification materials I have are for the initial release which makes sense.
  • This content is currently hidden from public view.
    Reason: Removed by member request
    For more information, visit our FAQ's.
Please log in to comment
2

We currently don't use replication shares but will be implementing it very soon.  We have 30,000 machines at 80+ different sites, so we will be making the PC that runs each RSA the rep share for that location.  We tried patching from the K1 but it was a disaster because of our size and it just overloaded the K1.  We would have to stagger it heavily to get it working and it would just be a nightmare to manage.  Our KACE rep suggested using rep shares off the RSA PC, so we will give that a go very soon.

Answered 04/22/2013 by: nheyne
Red Belt

  • We use a server at each site for our replication share. The numbers we support at each site are relatively small, but you want to make sure that whatever you use it has the capability to hold enough data and send it fast enough for the number of nodes that may be demanding it. If I were to use a typical PC style workstation I would equip it with an SSD for the performance boost.
    • We don't have the ability to edit any specs because the machines are already deployed, but thanks for the info! They are decent machines with 1gbps nic, guess we'll see what happens...
  • If you have multiple subnets at each location you could try using 1 workstation on each subnet to help distribute the load. Just make sure whatever you do that you disable failing over to the K1000. That one has haunted some people when the replication share is turned off when patching starts... Another good practice is creating a smart label for each subnet you manage. The convention I use since each subnet represents the entire location is MACHINE : LOCATION : CITYNAME. Then I'll define the criteria as IP begins with 10.1.0. or whatever the case may be. You may opt for something like MACHINE : LOCATION : SITE : SUBNET# or whatever works for you.
    • Again, thanks for the info! I will have to see how I can make that work for us, we use up to 15 subnets at each location so it could be difficult going that route. I will definitely make sure we turn off the failover setting.
  • Make sure you use a clear naming convention. You'll want to create more than one RS for each site simply due to the volume of machines you'll be supporting. It's better your KBOX only has to talk to 15 machines at a remote site vs the hundreds it may have to. This will keep your KBOX and your network administrator happy.
  • NHeyne,
    What's your client check in time at with 30,000 machines? I'm assuming you have just the one Kbox?
    • Every 2 days, as was recommended during our JumpStart. Yes, just the one Kbox.
Please log in to comment
2

I use both RSAs and Replication. My one complaint is that you can't cascade RSA's to one another. (I.e. Instead of our India office pulling from the UK, they pull from the K2 in the US).  They seem to be working just fine so far. We have around 200 machines on them. The way we like to do it is that the RSAs look to the IP Subnet of each office. So if someone is in the HQ they use our normal servers, if they're in another office and have the IP from it when we push software to them it automatically comes from that offices RSA.

And I know you said you don't need any info on installation, but I can't help but mention a couple of blogs I posted here. Both on ESX implementation of RSA and Replication. So if you're doing an ESX implementation it might be worth a gander!

Answered 04/22/2013 by: samzeeco
Tenth Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity