The following article details how to install a Sophos Update Manager (SUM) which is also configured to be a message relay via the SUM boot-strap executable setup.exe. This is a suitable configuration for a remote site where you wish all clients to update and communicate via a local server.
Note: Sophos recommends that message relay computers have a static IP address.
Applies to the following Sophos product(s) and version(s)
Sophos Update Manager
What To Do
Ensure you have a working Enterprise Console installation that is updating successfully before continuing. The following instructions can be used as a guide.
On the management server:
- Create a new Enterprise Console group for each intended message relay computer.
- Discover and add each of the message relay computers to their newly created group.
Note: This is recommended as each SUM server is expected to update from itself and therefore an updating policy for each will be required.
On each of the SUM computers:
- Navigate to the SUMInstallSet share on the management server, e.g.
\\[SophosServer]\SUMInstallSet\ and copy the contents of the share including sub-directories to the local computer. For example: C:\SUMInstallSet\.
- In the local directory edit the file 'mrinit.conf' in a text editor such as Notepad. The line starting "ParentRouterAddress" should be updated to reflect the IP address, FQDN (if exists) and NetBIOS name of the future message relay (local) computer.
Note: the values are separated by commas with no space between.
Once updated save the file.
- Run setup.exe from the local directory to start the installation of Sophos Update Manager (SUM) and Remote Management System (RMS) component.
Note: If RMS is already installed it will prompt you to uninstall RMS first.
On the management server:
- The newly installed SUM should, after a short period of time, i.e. 2 minutes, be listed in the 'Update Managers' list. The computer should also be listed as managed and connected in the Enterprise Console group you created earlier.
- Create a new updating policy for each of the message relays and link them to the Enterprise Console groups created earlier. The update location should be the local SUM server, e.g. \\[SUMRelayServer]\SophosUpdate.
Note: Also check in the updating policies that the subscription name is correct and contains the expected version.
- Once the policies have been applied and you have configured the Update Managers to create their distribution points, you can then protect the message relay computers with Sophos Anti-Virus.
You have now successfully created a SUM and message relay infrastructure to update and manage clients.