I am about to deploy a new small office (3 PC’s) network based on Windows Server, Active Directory and Group Policy in a small school environment. We currently have approx 33 AVAST Professional licenses covering the existing school PC’s. Apart from one existing office PC running AVAST 5 as a trial, all are running AVAST V4.8.
The rollout of the new office PC’s is imminent. These will directly replace the existing office PC’s.
There will be a rollout to a new ICT suite during the summer which will likely entail the purchase of some new licenses as there may be an increase in school PC numbers.
Currently rollout of AVAST has been ad-hoc, so no use of distributed network manager has been made use of. But with the new Windows Server, central management via ADNM or group policy is required to approx 20 new PC’s.
With there currently being no V5 version of ADNM, unless I am mistaken, what is the best approach to deploy the 3 office machines :-
Deploy 4.8 and ADNM
or manually deploy V5 on the 3 new office PC’s and leave the 20 or so to the summer when ADNM V5 is hopefully available?
If the legacy version is deployed, what is the implications when upgrading to V5?
If new version is deployed, what are implications of bringing them back under ADNM control when V5 is released?
Are there any msi versions available for deployment via group management or at least creating a single pre configured deployment config file containing settings and license info?
What would you do if, in a Windows 2008R2 active directory environment, you were deploying 3 Windows 7 PCs this week and a further 21 in about 8 weeks time?
Go with 4.8 and ADNM or go with V5 and manually install? Or something else?
i think its best to deploy all under 4.8 with ADNM…
the new server will function as the AMS server (ADNM) and updating definitions and program will occur from a single point in the network.
this way your internet connection is not hampered every xx minutes from all the avast clients checking for updates and downloading updates separately, this will be done only by the ADNM server and the avast client traffic is only on your highspeed local network
all clients (except the v5 one, remove this first with the removal tool) can be push installed with 4.8 managed client (yes u need to push the managed client over the normal 4.8 installation).
Assuming Avast software has created the upgrade possibility of 4.8 managed clients to the new v5 managed client you can then push the v5 client over the 4.8 client and do your joy dance
This way u comply with the guidelines set by your company already (centralized managed solutions).
but that is from a control point of view…
There is also the posibility to put the 3 new machines in test with v5 too and wait for the new v5 equivalent of ADNM. Tho its totally unsure when it will come out, the blog mentions a hope for summer 2010 but a hope is not something sure… which means you will have to run with a decentralized unmanaged AV sollution for the time until the new software comes out. When it comes out you probably have to manually remove avast from the stations (its what i would do in such small enviroment) and push the installation of the newest managed client to the stations at once and your done…
The downside is that all the clients check on internet for themselves for updates and individually download updates for definitions and program, meaning 20 times more internet traffic usage then when using a central server that downloads the updates
with these scenario’s i assume that all computers are in the same building
i believe the questions here would be:
can we wait with updating to the newest ADNM v5 version for centralised management of AV sollution or not
if not, why can we not wait? (if this is a crappy reason like “we like to see all the icons orange” then u can wait)
how strict is your policy to centrally manage adnm at this moment. Clearly the new software is not here yet but its coming. you are protected at this moment so how mandatory is the policy to centraly manage something
edit: i started typing this 5 hours ago but i got disturbed and had to go into a meeting until now
Reason for wishing to going with v5 now are…
I prefer the colour orange - just kidding
Wonder if v5 is better at scanning than v4.8
Some point v4.8 will be discontinued
I did a trial install on test network a while back of adnm and could not get it working - built in SQL not compatible with Microsoft Server 2008R2/64 bit and could not get our own SQL Server 2008 recognised by adnm. Was hoping v5 adnm might fix this by supplying a later integrated version of sql.
v5 will fix your issues for sure, its completely build up from scratch using silverlight for user interface (if i understood the blogs right)…
i would suggest running another DB instance on your database server instead of using the integrated db software when it comes out (if u have the DB server, make use of it!)
the update sequence from adnm 4 aint really fast, but it will be supported as long as there is no v5
v4.8 client software… not sure but i would say wont drop support for it as long as there is still a significant user base for it
ofcourse these are assumptions from my side…