Managing Multiple K1000s
We are buying an additional K1. We want to stick with an 8 hour check-in since we have communicated to our users that is what they can expect. It's a long story, and I don't really want to get into the details on that. I'm stuck with eight hours.
So we have about 6,000 machines that we patch, and push MIs. We have about 12,000 that have the agent just for inventory purposes, and the occasional install from the user portal. All of these rely on the eight hour check-in, so ORGs are out of the question. So our plan is to get this additional K1. We will have one that will manage those 6,000 machines, and another that will manage those 12,000. This way we can still maintain the eight hours without overloading the K1.
My problem is are users are used to going to a specific URL to get their software (user portal). I do not want to let our users know if you are on one of these 6,000 then you go here. If you are on one of these 12,000 then you go here. I thought about leaving the URL the same for the 12,000. For the 6,000 I've looked at modifying the hosts file to point to the new server even though they are entering the exisiting URL. In testing this has worked when pointing to my virtual K1. The only problem I can see that I cannot test at the moment is if there will be an issue with SSL since I do not have that enabled on my VM.
I know this is a really off the wall setup, and I do not think there's a lot of info out there for it? Does anyone have any better ideas on how to accomplish this?
Answers (1)
I ended up creating an offline script that will move my machines in certain labels to this additional K1.
@echo off
"C:\Program Files (x86)\Dell\KACE\AMPTools.exe" -resetconf host=kbox2.domain.org
rem #### HOSTS FILE ######
set hostspath=%windir%\System32\drivers\etc\hosts
echo 192.168.1.1 kace.domain.org >> %hostspath%
After this ran everything worked correctly, but I did have an issue with SSL. Since I was navigating to kace.domain.org, and being redirected via HOSTS file I receieved a name mismatch error. I corrected this by generating a SANs cert for all possible names that I would navigating to. I followed the link below with the exception of the openssl.conf file.
http://apetec.com/support/GenerateSAN-CSR.htm
I changed
[ v3_req ]
# Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names
to this
[ v3_req ] subjectAltName = @alt_names
Comments:
-
great idea - SMal.tmcc 10 years ago
Is it really an issue to just tell your clients which k1000 to go to for software?
Did Dell have any suggestions? I know (based on the recent Dell SUF) there are a few customers out there that have thousands of clients that are in the same situation as you.
Also, since you are editing the kbox you may want to consider creating an entry for "kbox" as when the kace agent forgets where to go it defaults to trying to connect to "kbox" - Jbr32 10 years ago
I did email Dell, and waiting on a reply back. We just received the licenses for this additional one, so I'm assuming the server isn't too far behind.
I have done the entry for "kbox" already, but I'm guessing now that might be another kink I need to look at. I guess I can at least get it to one of the Kbox's and manage it from there. - dugullett 10 years ago
I have had a couple of calls when users do not have have the agent at all. The tech promises that they have installed it, but I see no signs of it. I generally do not interface with the user so I'm not sure who is telling the truth.
I have a GPO that pushes out the agent, plus using the provisioning for updates on the K1. I manage the images for the 6,000 machines, and the agent is included. For all others the techs build their images, and I'm assuming it's in there. If not GPO should get it. - dugullett 10 years ago