Deploying an endpoint package on the auto-update server

Follow these steps to deploy a new package using the auto-update mechanism.

Steps

  1. Create the package.

    Use the endpoint package builder to create a new package. The package builder generates a folder with several installation packages, one per each version of the operating system.

    Note: If you plan to use auto-update frequently, make sure that new packages point to an auto-update server. This option is configured on the Server Connection screen in the package builder:

    1. Select the Receive automatic software updates option.
    2. In the URL field, set up a URL for automatic updates:
      • If you have installed an Apache HTTPD server (Windows or Linux), the URL should be: http://<server:port>/EPUpdate/update
      • If you have installed an IIS server, the URL should be http://<server:port>/EPUpdate/update.bat
    3. In the How often should endpoint clients check for updates field, set up a schedule for how often the endpoint machines should check for updates. Forcepoint recommends setting this option 10 minutes.
  2. Add package metadata:
    1. On the management server, open a command prompt and change to the %DSS_HOME% directory:
      cd %DSS_HOME%
      Note: This document refers to the Forcepoint DLP folder as %DSS_HOME%. The default %DSS_HOME% location is C:\Program Files (x86)\Websense\Data Security, but may be a different location based on your specific installation.
    2. Run the following command (in a single line):

      python EP_Prepare_Package4Update.py <Path-to-folder-withpackages>

      where <Path-to-folder-with-packages> is the location of the Forcepoint F1E package created in the previous step.

      After running this command, a new subfolder called .private is created inside the folder with the generated package. This subfolder contains metadata about the package.

  3. Copy the package to the Web server machine:

    Copy the entire contents of the generated package folder (along with the .private folder containing the metadata) to the Web server machine (into EP_UPDATE_ROOT/data). For example, the Win32 installation will be located in EP_UPDATE_ROOT/data/FORCEPOINT-ONE-ENDPOINT-x32.exe.

    Be aware that if you copy an older endpoint package to the Web server (inadvertently or otherwise), the endpoint machine will download and install the older version.

  4. Rename the executable files:
    The executable files in the EP_UPDATE_ROOT/data folder, as well as the metadata file in the .private folder, need to be renamed from FORCEPOINTONE- ENDPOINT to WebsenseEndpoint:
    • WebsenseEndpoint_32bit.exe
    • WebsenseEndpoint_64bit.exe
    • WebsenseEndpoint_32bit.exe.txt
    • WebsenseEndpoint_64bit.exe.txt

Result

Now your server is ready. Whenever there is a new Forcepoint DLP Endpoint release, copy the updated release binaries to your auto-update server, and the endpoints will update at the next scheduled time.
Important: At the completion of any endpoint update, you must restart the endpoint machine to ensure the update takes effect.