Add an additional update manager

Sophos Update Manager (SUM) is always installed on the computer where you install Sophos Enterprise Console. If you selected Custom Setup during the installation, this is the computer where the management server is installed.

You can add one or more additional update managers to your network. You may want to do this to reduce the load on the update manager that is already installed and distribute updates more efficiently. You can install an additional update manager on a computer that does not yet have an update manager installed.

Important Do not remove the update manager installed on the same computer as the Sophos Enterprise Console management server. Sophos Enterprise Console cannot protect the network fully until this update manager is configured with an update source. This will enable Sophos Enterprise Console to receive necessary updates (for example, information about the versions of security software that endpoint computers should be running, new and updated Content Control Lists for data control, or the list of new controlled devices and applications).

To enable an additional update manager to download security software from Sophos or another update manager via HTTP, open TCP port 80 (outbound) on the computer on which you want to install the additional update manager. To enable the update manager to download security software from another update manager via a UNC path, open the following outbound ports on the computer: UDP port 137, UDP port 138, TCP port 139, and TCP port 445.

If the computer is running a version of Windows that includes the Network Discovery feature, and the feature is turned off, turn it on and restart the computer.

If User Account Control (UAC) is enabled on the computer, turn off UAC and restart the computer. You can turn UAC on again after you have installed the update manager and subscribed to Sophos updates.

If the computer is in a domain, log on as a domain administrator.

If the computer is in a workgroup, log on as a local administrator.

The update manager installer is located on the computer where Enterprise Console management server is installed, in the shared folder \\Servername\SUMInstallSet. To view the location of the installer, go to the View menu and click Sophos Update Manager Installer Location.

You can install Sophos Update Manager using Windows Remote Desktop.

To install an additional update manager:

  1. Run the Sophos Update Manager installer Setup.exe.
    An installation wizard is launched.
  2. On the Welcome page of the wizard, click Next.
  3. On the License Agreement page, read the license agreement and click I accept the terms in the license agreement if you agree to the terms. Click Next.
  4. On the Destination folder page, accept the default or click Change and enter a new destination folder. Click Next.
  5. On the Sophos Update Manager Account page, select an account that endpoint computers will use to access the default update share created by the update manager. (The default update share is \\<ComputerName>\SophosUpdate, where ComputerName is the name of the computer where the update manager is installed.) This account must have read rights to the share and does not need to have administrative rights.

    You can select the default user, select an existing user, or create a new user.

    By default, the installer will create the SophosUpdateMgr account with read rights to the default update share and no interactive logon rights.

    If you want to add more update shares later, select an existing account or create a new account that has read rights to those shares. Otherwise, ensure that the SophosUpdateMgr account has read rights to the shares.

  6. On the Sophos Update Manager Account Details page, depending on the option you selected on the previous page, enter a password for the default user, details for the new user, or select an existing account.

    The password for the account must comply with your password policy.

  7. On the Ready to Install the Program page, click Install.
  8. When installation is complete, click Finish.

The computer where you installed Sophos Update Manager should now appear inSophos Enterprise Console, Update managers view. (On the View menu, click Update Managers.)

To configure the update manager, select it, right-click, and then click View/Edit Configuration.