Has anyone put their KACE appliance on the internet?
We are wanting agents to run so I'm going to open the ports for those but otherwise things are running great. - pcgizzmo 9 years ago
Answers (5)
Comments:
I've got a similar question as the original poster. Do you know if doing this process would cause any hiccups or anything of the sort if our system is up and running? My team just wants to make sure we know all the facts before we move forward since we have multiple orgs and have deployed to a few hundred clients.
Running v6.2.109330 - mdettmer 9 years ago
We didn't lose communication with any agents. They all automatically switched to checking in via SSL. Initially you lose communication with all agents but slowly they check in depending on your inventory interval. We didn't disable port 80 until we knew we were good to go... - jegolf 9 years ago
We are placing our new kbox in our offsite datacenter in a DMZ VLAN with ACLs on the firewall. Below are the ports we'll open (if anybody knows if these should be changed please let me know). I set up a replication point on a server in our office. Laptops that check in with a corporate network (office) IP address will get the replication point label and download files/patches from it. Laptops that don't have a corp IP will download files/patches from the kbox in the datacenter. Everything will be on SSL.
Ports:
From Outside of corp network:
a. Allow https from anywhere to Kace.
b. Allow agent heartbeat (52230/tcp) from anywhere to Kace.
From Kace server in Corp DMZ network:
a. Allow SMTP (25 and 587/tcp) to anywhere for Email.
b. Allow sftp (22/tcp) to anywhere for auto-backups to a cloud site we use, or just send them back to the replication point.
c. Allow LDAPS (636/tcp) to AD servers.
d. Allow https from Corp network to Kace for management.
e. Allow https between Kace and replication point.
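
Added example, not part of the original posts: a small audit that compares an exported firewall rule list against the port plan listed above and reports any rule that allows more than the plan does. The addresses, zone names and the `(source, destination, tcp port)` rule format are assumptions made for illustration; substitute your own address plan and export format.

```python
import ipaddress

# Assumed address plan (placeholder ranges, not from the thread).
ZONES = {
    "any": "0.0.0.0/0",
    "kace": "198.51.100.10/32",   # appliance in the DMZ VLAN
    "corp": "10.0.0.0/16",        # office network
    "ad": "10.0.1.0/28",          # AD servers
    "repl": "10.0.2.20/32",       # replication point
}

# The port plan from the post: (source zone, destination zone, tcp port).
PLAN = {
    ("any", "kace", 443), ("any", "kace", 52230),
    ("kace", "any", 25), ("kace", "any", 587), ("kace", "any", 22),
    ("kace", "ad", 636), ("corp", "kace", 443),
    ("kace", "repl", 443), ("repl", "kace", 443),
}

def within(cidr, zone):
    """True if the rule's network fits entirely inside the named zone."""
    return ipaddress.ip_network(cidr).subnet_of(ipaddress.ip_network(ZONES[zone]))

def audit(rules):
    """Return the allow rules that are not covered by any entry in PLAN."""
    findings = []
    for src, dst, port in rules:
        covered = any(p == port and within(src, s) and within(dst, d)
                      for s, d, p in PLAN)
        if not covered:
            findings.append((src, dst, port))
    return findings

# Constructed firewall export used as sample input.
SAMPLE_RULES = [
    ("0.0.0.0/0", "198.51.100.10/32", 443),
    ("0.0.0.0/0", "198.51.100.10/32", 52230),
    ("0.0.0.0/0", "198.51.100.10/32", 80),    # plain HTTP still open
    ("198.51.100.10/32", "0.0.0.0/0", 636),   # LDAPS to anywhere, not only AD
    ("198.51.100.10/32", "10.0.1.0/28", 636),
    ("10.0.0.0/16", "198.51.100.10/32", 443),
]

if __name__ == "__main__":
    for rule in audit(SAMPLE_RULES):
        print("not in plan:", rule)
```

A rule is accepted only when both its source and destination fit inside a planned zone pair, so an LDAPS rule whose destination is wider than the AD range is reported even though port 636 itself is in the plan.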