Network Agent on managed devices may sometimes not connect to the Administration Server to receive updates. For example, Network Agent may have been installed on a laptop that sometimes has no internet connection and no local network access. Moreover, the administrator may limit the time for connecting devices to the network. In such cases, devices with Network Agent installed cannot receive updates from the Administration Server according to the existing schedule. If you have configured the updating of managed applications (such as Kaspersky Endpoint Security) using Network Agent, each update requires a connection to the Administration Server. When no connection is established between Network Agent and the Administration Server, updating is not possible. You can configure the connection between Network Agent and the Administration Server so that Network Agent connects to the Administration Server at specified time intervals. At worst, if the specified connection intervals are overlaid with periods when no connection is available, the databases will never be updated. In addition, issues may occur when multiple managed applications simultaneously attempt to access the Administration Server to receive updates. In this case, the Administration Server may stop responding to requests (similarly to a DDoS attack).
To avoid such problems as those described above, an offline model for downloading updates and modules of managed applications is implemented in Kaspersky Security Center. This model provides a mechanism for distribution of updates, regardless of temporary problems caused by inaccessibility of Administration Server communication channels. The model also reduces load on the Administration Server.
How the offline model of update download works
When the Administration Server receives updates, it notifies Network Agent (on devices where it is installed) of the updates that will be required for managed applications. When Network Agent receives information about these updates, it downloads the relevant files from the Administration Server in advance. At the first connection with Network Agent, the Administration Server initiates an update download. After Network Agent downloads all the updates to a client device, the updates become available for applications on that device.
When a managed application on a client device attempts to access Network Agent for updates, Network Agent checks whether it has all required updates. If the updates are received from the Administration Server not more than 25 hours before they were requested by the managed application, Network Agent does not connect to the Administration Server but supplies the managed application with updates from the local cache instead. Connection with the Administration Server may not be established when Network Agent provides updates to applications on client devices, but connection is not required for updating.
To distribute the load on the Administration Server, Network Agent on a device connects to the Administration Server and download updates in random order during the time interval specified by the Administration Server. This time interval depends on the number of devices with Network Agent installed that download updates and on the size of those updates. To reduce the load on the Administration Server, you can use Network Agent as distribution points.
If the offline model of update download is disabled, updates are distributed according to the schedule of the update download task.
By default, the offline model of update download is enabled.
The offline model of update download is only used with managed devices on which the task for retrieving updates by managed applications has When new updates are downloaded to the repository selected as the schedule type. For other managed devices, the standard scheme is used for retrieving updates from the Administration Server in real-time mode.
We recommend that you disable the offline model of update download by using the settings of the Network Agent policies of relevant administration groups in these cases: if managed applications have the retrieval of updates set not from the Administration Server, but from Kaspersky servers or a network folder, and if the update download task has When new updates are downloaded to the repository selected as the schedule type.