Is anyone familiar with putting a FRS in Azure for external agents to hit?
We are testing putting our K1000 into the DMZ so we can manage and service workstations that are not on our corporate network. We stood up a server in Azure, installed IIS, and created a share. Now our test agents can download software if it's 100% anonymous, however we want the agent to authenticate. Our impression of how the FRS works is it uses the path (Local Share) with the kace agent to replicate from the Appliance to Server and that all clients would use the (Download Share) Credentials to authenticate. During our testing, we would not see any of our clients use or pass through those credentials. So we are running into authentication / server configuration errors based on logs. It only works anonymously. Is there an IIS setting we are missing? Maybe the path is incorrect in KACE? We would have to imagine there are other customers that have KACE publicly available that do not have all agents going direct to the appliance since we know that works.
Answers (1)
I don't think it's designed to work that way....
Currently, the easiest way to reach agents outside of your work network, is to deploy an Azure KACE SMA.
It's going to be public facing, so get some godaddy SSL certs.
And that's it, all the agents are going to communicate, authenticate and download payloads using the public FQDN from the SMA.
https://azuremarketplace.microsoft.com/en-gb/marketplace/apps/quest.kace-sma?src=nazure&tab=Overview
Another option, is to make the KACE SMA Public facing, I would also recommend SSL for this.
I'm also curious about your end goal here with FRS and Azure.... If you would like to share it.
