Athena EPP (Endpoint Protection Platform)

Athena EPP (formerly Sangfor Endpoint Secure) integrates NGAV, EDR, and endpoint management into a single, powerful solution for comprehensive endpoint protection.
6.0.4R4

P2P Deployment

Updated: 2025-12-30

2.3.1.1 Feature Description

P2P deployment allows you to download the Athena EPP agent in parts from multiple seed nodes that have the Athena EPP agent installed. Compared to the previous single-channel Athena EPP agent download from the Athena EPP manager, this deployment method accelerates installation and upgrade and reduces the bandwidth usage of the Athena EPP manager. P2P deployment is disabled by default. However, it is recommended to enable P2P deployment and use it in combination with the installation methods described in the subsequent sections.

Go to System > System > Deployment and Upgrade, and select Enable P2P for installation and upgrade under P2P Settings, as shown in the following figure.

Non-distribution Endpoints: Seed nodes will enable the HTTP service to provide multipart downloads. Select the endpoints you do not want to use as seed nodes for this field.

Download resources from Sangfor server first: By default, endpoints download resources from the Athena EPP manager when there are no distribution endpoints. Once enabled, endpoints download resources from the Sangfor server (CDN cache) first when they have Internet access and download resources from the Athena EPP manager when there is no Internet access.

Excluded IP Addresses: Exclude endpoints directly communicating with the Athena EPP manager to avoid business interruption caused by excessive Internet bandwidth usage during Athena EPP agent deployment or upgrade.

1. P2P deployment is not supported in scenarios where the Athena EPP manager is exposed to the Internet through port mapping.

2. P2P deployment is supported on Windows and Linux endpoints but not on macOS endpoints.

3. P2P deployment is supported for Athena EPP agent installation, Athena EPP agent upgrade, and antivirus database update.

2.3.1.2 Scenarios

Scenario 1: The network bandwidth between the Athena EPP manager and Athena EPP agent is insufficient, and the bandwidth of the egress interface for Internet access is also insufficient.

Policy for Athena EPP agent: Update the Athena EPP agent and databases based on P2P deployment to reduce the bandwidth usage between the Athena EPP manager and the office network. Implement this policy first on non-critical business endpoints and then on critical business endpoints.

Policy settings for the Athena EPP manager:

  1. Do not select Download resources from Sangfor server first.
  2. Select critical business endpoints for Non-distribution Endpoints.

Establishment of a seed node network for P2P deployment:

  1. PC 1: Obtains the databases and upgrade package of the Athena EPP agent from the Athena EPP manager during the installation of Athena EPP.
  2. PC 1: Sends a request to the Athena EPP manager to become a seed node after the installation. Athena EPP manager: Adds PC 1 to the seed node list.
  3. PC 2: Checks with the Athena EPP manager to determine whether seed nodes are in the seed node list during the installation of Athena EPP.
  4. Athena EPP manager: Queries the seed node list. If a seed node is in the same network segment (such as PC 1), the Athena EPP manager pushes down the P2P policy for PC 2 to download resources from PC 1.
  5. PC 2: Downloads the databases and the upgrade package from PC 1 after receiving the P2P policy, starts the installation, and repeats Step 2.

Scenario 2: The bandwidth of the dedicated network or VPN between the headquarters and a branch is insufficient, but the bandwidth of the egress interface for Internet access at the branch is sufficient.

Policy for the Athena EPP agent: Update the Athena EPP agent and databases based on P2P deployment to reduce the bandwidth usage between the headquarters and the branch. Implement this policy first on non-critical business endpoints and then on critical business endpoints.

Policy settings for the Athena EPP manager:

  1. Do not check Download resources from Sangfor server first.
  2. Specify critical business endpoints for Excluded IP Addresses to avoid business interruption caused by excessive Internet bandwidth usage during the Athena EPP agent upgrade.
  3. Select critical business endpoints for Non-distribution Endpoints.

Establishment of a seed node network for P2P deployment:

  1. PC 1: Obtains the databases and upgrade package of the Athena EPP agent from the Sangfor server during the installation of Athena EPP.
  2. PC 1: Sends a request to the Athena EPP manager to become a seed node after the installation. Athena EPP manager: Adds PC 1 to the seed node list.
  3. PC 2: Checks with the Athena EPP manager to determine whether seed nodes are in the seed node list during the installation of Athena EPP.
  4. Athena EPP manager: Queries the seed node list. If a seed node is in the same network segment (such as PC 1), the Athena EPP manager pushes down the P2P policy for PC 2 to download resources from PC 1.
  5. PC 2: Downloads the databases and the upgrade package from PC 1 after receiving the P2P policy, starts the installation, and repeats Step 2.
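The seed-node procedure in both scenarios can be modelled before rollout to see which hosts will end up running the seed HTTP service and how many downloads still hit the Athena EPP manager. This is an added planning sketch, not Sangfor code: the endpoint names and IPs are constructed, "same network segment" is assumed to mean the same /24, and Excluded IP Addresses is not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Endpoint:
    name: str
    ip: str
    internet: bool = False          # can reach the Sangfor server (CDN cache)
    non_distribution: bool = False  # listed under Non-distribution Endpoints

def segment(ip, prefix=24):
    # Assumption: "same network segment" is modelled as the same /24.
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def plan_rollout(endpoints, cdn_first=False):
    """Walk endpoints in install order. Returns (sources, seeds)."""
    seeds = {}      # segment -> names of seed nodes registered with the manager
    sources = {}    # endpoint name -> where it downloads from
    for ep in endpoints:
        seg = segment(ep.ip)
        if seeds.get(seg):
            # Manager finds a seed in the same segment and pushes the P2P policy.
            sources[ep.name] = "seed:" + seeds[seg][0]
        elif cdn_first and ep.internet:
            sources[ep.name] = "sangfor-cdn"
        else:
            sources[ep.name] = "manager"
        # After installing, the endpoint asks to become a seed node,
        # unless it is a non-distribution endpoint (no HTTP service on it).
        if not ep.non_distribution:
            seeds.setdefault(seg, []).append(ep.name)
    all_seeds = sorted(n for names in seeds.values() for n in names)
    return sources, all_seeds

# Constructed inventory, in rollout order: non-critical endpoints first,
# the critical database server last.
INVENTORY = [
    Endpoint("pc-01", "10.1.1.21"),
    Endpoint("pc-02", "10.1.1.22"),
    Endpoint("br-pc-01", "10.2.5.31", internet=True),
    Endpoint("br-pc-02", "10.2.5.32", internet=True),
    Endpoint("db-01", "10.1.1.10", non_distribution=True),
]

if __name__ == "__main__":
    for flag in (False, True):
        sources, seeds = plan_rollout(INVENTORY, cdn_first=flag)
        print(f"cdn_first={flag}: sources={sources} seeds={seeds}")
```

The returned seed list is the set of hosts that will accept inbound HTTP from peers in their segment, so it is the list to compare against host firewall policy and the Non-distribution Endpoints selection.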

Comparison of the two scenarios:

  1. Similarities between Scenario 1 and Scenario 2: Both scenarios have limited bandwidth between the headquarters and branches. Seed nodes are created based on P2P deployment during the early policy implementation stage, reducing the bandwidth usage of the dedicated network or VPN.
  2. Advantages of Scenario 2 over Scenario 1: Using Download resources from Sangfor server first can distribute most of the traffic to the branch's egress interface for Internet access during the early stage, avoiding the impact of excessive bandwidth usage of the dedicated network or VPN on business systems. Adding the IP addresses of critical business systems in Excluded IP Addresses can prevent the impact of excessive Internet bandwidth usage on public access to these essential business systems.