Configuring KACE box and installing agents.
We have some users who are not part of Company domain and are remote. What is the best method of installing KACE agent on these machines (Windows 7)? In order for these users to be able to connect to KACE box, what settings are required on KACE box? i.e. how KACE should be configured so that these users can connect to KACE? Thanks much.
Answers (3)
You will definitely want to use a VPN connection, or SSL on the agent for the remote users. If you are not using a VPN, you will have to place your KBOX in a DMZ with an address that can connect to the internet, and I recommend you discuss the security rammifications with support. You will need administrative access to the remote machines. You can allow unknown email addresses into the helpdesk, but if you are putting it in the DMZ, you are going to need to be concious of spam. You also will have to enter these users manually in the system rather than pulling them from Active Directory unless you create something like an AD LDS instance for the external users. Creating RSAs may help to provide better access if you can place them closer to the users than your main installation. The administrator guide should be a good resource as well.
I prefer not to let external users into the KACE, but you may have very good reasons to do so. I would look very seriously at the security implications. You may find you want to create two ORGs to do this. ORGs are the only hard security barrier in the KACE.
You will definitely want to use a VPN connection, or SSL on the agent, for the remote users. To the best of my knowledge, SSL on agent communications is an all or nothing feature; you will be using it for all agents, and for the web interface. If you are not using a VPN, you will have to place your KBOX in a DMZ with an address that can connect to the internet, and I recommend you discuss the security rammifications with support.
You may have some interesting difficulties managing the machines if they are not part of the domain because you will need administrative access to their machines.
You will also have some considerations in how to manage them in the helpdesk if they have email addresses that are not part of your domain. You can allow unknown email addresses into the helpdesk, but if you are putting it in the DMZ, you are going to need to be concious of spam. You also will have to enter these users manually in the system rather than pulling them from Active Directory unless you create something like an AD LDS instance for the external users.
This isn't extremely difficult to do, it just takes careful planning before you start implementing. I hope this gives you a good start!
Creating KBox Replica Servers would also help in managing remote locations.
Comments:
-
Thanks. We will be settting up the replica Servers when we start with Image deployment. - sapatel 11 years ago
-
Creating replica servers will help if you can place them near the remote users. It sounds like these are external users, and it isn't a situation like a remote office where you can place an RSA on a remote network segment of your own corporate network. - philologist 11 years ago
