Has anyone put their KACE appliance on the internet?

We are going to be putting our Kace appliance on the web for our outside sales people to access. Of course I will add an ssl to the Kace box but has anyone else done this? Are there any gotchas or things I need to look at before proceeding? Thanks...

1 Comment
  • We are wanting agents to run so I'm going to open the ports for those but otherwise things are running great. - pcgizzmo 9 years ago

Answers (5)

Posted by: SMal.tmcc 9 years ago
Red Belt
2
Our laptops check in via the kbox.  When we had one stolen I was able to push a script to cripple it since the kbox was available on the internet.

Comments:
  • Hah! We solved a lot of our laptop mysteries as well. Once those missing laptops checked in we found out exactly who had them. Did find a stolen one too. - jegolf 9 years ago
  • That sounds awesome. Can you share that script? It sounds very useful. - bens401 9 years ago
Posted by: merklo 9 years ago
Senior White Belt
1
We did this and it works just fine with only 443 open (I am sure agent heartbeat is needed for something, but we have not noticed it yet).

One silly thing to keep in mind: if you have shutdown scripts or other tasks enabled for internal clients, they may fire on computers connected from home after you make KBOX visible from outside. We had a global online shutdown script that fired after hours on anything connected to the kbox. When we enabled outside access, that was one of the things we forgot to adjust... you should have seen the tickets that came in the next morning. 


Posted by: chucksteel 9 years ago
Red Belt
0
Our KBox is accessible outside of our network. Other than requiring SSL I don't think there are any particular precautions that we took.

Posted by: jegolf 9 years ago
Red Belt
0
As long as you've got a good resource on your team to assist you should be fine. It was pretty straightforward. Our Unix guy got us set up in no time (also our cert guy). I was worried about the agents checking in but we had no issues. I remember only finding documentation on the knowledge base and we thought it was a little clunky but again if someone familiar with SSL gives it a once over you'll be fine...

Comments:
  • I've got a similar question as the original poster, do you know if doing this process would cause any hiccups or anything of the sort if our system is up and running? My team just wants to make sure we know all the facts before we move forward since we have multiple orgs and have deployed to a few hundred clients.

    Running v6.2.109330 - mdettmer 9 years ago
    • We didn't lose communication with any agents. They all automatically switched to checking in via SSL. Initially you lose communication with all agents but slowly they check in depending on your inventory interval. We didn't disable port 80 until we knew we were good to go... - jegolf 9 years ago
Posted by: bens401 9 years ago
Purple Belt
0

We are placing our new kbox in our offsite datacenter in a DMZ VLAN with ACLs on the firewall. Below are the ports we'll open (if anybody knows if these should be changed please let me know). I set up a replication point on a server in our office. Laptops that check in with a corporate network (office) IP address will get the replication point label and download files/patches from it. Laptops that don't have a corp IP will download files/patches from the kbox in the datacenter. Everything will be on SSL.


Ports:

From Outside of corp network:

a.  Allow https from anywhere to Kace.
b.  Allow agent heartbeat (52230/tcp) from anywhere to Kace.

From Kace server in Corp DMZ network:

a.  Allow SMTP (25 and 587/tcp) to anywhere for Email.
b.  Allow sftp (22/tcp) to anywhere for auto-backups to a cloud site we use, or just send them back to the replication point.
c.  Allow LDAPS (636/tcp) to AD servers.
d.  Allow https from Corp network to Kace for management.
e.  Allow https between Kace and replication point.
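
The port list in the answer above, modeled as a default-deny rule table and checked for rules that a broader rule already covers. This is an added example, not part of the original thread; the IP addresses and zone names are constructed placeholders, and a single first-match-free rule table is a simplifying assumption.

```python
import ipaddress

# Constructed placeholder addresses (assumptions, not from the thread).
ZONES = {
    "any": ["0.0.0.0/0"],
    "kace": ["192.0.2.10/32"],             # appliance in the DMZ
    "corp": ["10.0.0.0/16"],               # office network
    "replica": ["10.0.5.20/32"],           # replication point in the office
    "ad": ["10.0.1.5/32", "10.0.1.6/32"],  # AD servers
}

# (source zone, destination zone, tcp port), one entry per line of the list.
ALLOW = [
    ("any", "kace", 443),      # outside a: https from anywhere
    ("any", "kace", 52230),    # outside b: agent heartbeat
    ("kace", "any", 25),       # DMZ a: SMTP
    ("kace", "any", 587),      # DMZ a: SMTP submission
    ("kace", "any", 22),       # DMZ b: sftp backups
    ("kace", "ad", 636),       # DMZ c: LDAPS
    ("corp", "kace", 443),     # DMZ d: management
    ("kace", "replica", 443),  # DMZ e: Kace to replication point
    ("replica", "kace", 443),  # DMZ e: replication point to Kace
]

def nets(zone):
    return [ipaddress.ip_network(n) for n in ZONES[zone]]

def in_zone(ip, zone):
    return any(ipaddress.ip_address(ip) in n for n in nets(zone))

def allowed(src, dst, port):
    """Default deny: a flow passes only if some ALLOW entry matches it."""
    return any(in_zone(src, s) and in_zone(dst, d) and port == p
               for s, d, p in ALLOW)

def covers(big, small):
    """True if every network of zone `small` lies inside zone `big`."""
    return all(any(n.subnet_of(b) for b in nets(big)) for n in nets(small))

def shadowed():
    """Rules that add nothing because a broader rule admits the same flows."""
    return [r for r in ALLOW
            if any(q != r and q[2] == r[2] and covers(q[0], r[0])
                   and covers(q[1], r[1]) for q in ALLOW)]

if __name__ == "__main__":
    print("internet -> kace:80  ", allowed("203.0.113.7", "192.0.2.10", 80))
    print("redundant rules:", shadowed())
```

`shadowed()` reports rule d and the inbound half of rule e, because "https from anywhere" already admits that traffic, so this ACL alone does not limit management access on 443 to the corp network.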
