/build/static/layout/Breadcrumb_cap_w.png

Configuring KACE box and installing agents.

We have some users who are not part of Company domain and are remote. What is the best method of installing KACE agent on these machines (Windows 7)? In order for these users to be able to connect to KACE box, what settings are required on KACE box? i.e. how KACE should be configured so that these users can connect to KACE? Thanks much.


0 Comments   [ + ] Show comments

Answers (3)

Answer Summary:
You will definitely want to use a VPN connection, or SSL on the agent for the remote users. If you are not using a VPN, you will have to place your KBOX in a DMZ with an address that can connect to the internet, and I recommend you discuss the security rammifications with support. You will need administrative access to the remote machines. You can allow unknown email addresses into the helpdesk, but if you are putting it in the DMZ, you are going to need to be concious of spam. You also will have to enter these users manually in the system rather than pulling them from Active Directory unless you create something like an AD LDS instance for the external users. Creating RSAs may help to provide better access if you can place them closer to the users than your main installation. The administrator guide should be a good resource as well.
Posted by: philologist 12 years ago
Red Belt
1

  I prefer not to let external users into the KACE, but you may have very good reasons to do so.  I would look very seriously at the security implications.  You may find you want to create two ORGs to do this.  ORGs are the only hard security barrier in the KACE.

  You will definitely want to use a VPN connection, or SSL on the agent, for the remote users.  To the best of my knowledge, SSL on agent communications is an all or nothing feature; you will be using it for all agents, and for the web interface.  If you are not using a VPN, you will have to place your KBOX in a DMZ with an address that can connect to the internet, and I recommend you discuss the security rammifications with support.

  You may have some interesting difficulties managing the machines if they are not part of the domain because you will need administrative access to their machines.

  You will also have some considerations in how to manage them in the helpdesk if they have email addresses that are not part of your domain.  You can allow unknown email addresses into the helpdesk, but if you are putting it in the DMZ, you are going to need to be concious of spam.  You also will have to enter these users manually in the system rather than pulling them from Active Directory unless you create something like an AD LDS instance for the external users.

  This isn't extremely difficult to do, it just takes careful planning before you start implementing.  I hope this gives you a good start!


Comments:
Posted by: chucksteel 12 years ago
Red Belt
0

The administrator guide includes relevant information on configuring the KBOX to allow access from outside of your network. I would suggest you read those sections. 


Comments:
Posted by: ninjamasterpro 12 years ago
Blue Belt
0

Creating KBox Replica Servers would also help in managing remote locations.


Comments:
  • Thanks. We will be settting up the replica Servers when we start with Image deployment. - sapatel 12 years ago
  • Creating replica servers will help if you can place them near the remote users. It sounds like these are external users, and it isn't a situation like a remote office where you can place an RSA on a remote network segment of your own corporate network. - philologist 12 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ