Q: Two Mgmt Consoles - Newly inherited!

Hi, I have inherited a setup which looks like this.

1. 200 user site, has around 5 small site to sites over VPN tunnels - adding further 50 users
2. 100 user site, with further site to site VPN, adding further 75 users

Around 500 end points in total inc servers, laptops (all windows)

However, at each of the two locations, there is a management console running and each 'manages' its own end points plus its own nearest sites over VPN...clients are pushed from each mgmt point and update from same etc

There is no overall view of estate and all seems a bit confusing

Completely new to Sophos and still getting used to it so really wanted to ask if anyone had any pointers to the best route to go to have a single management point managing all clients (with maybe two update points?) and what would be best steps to take. Not sure if I still need more than one local update point, sites have reasonable links so probably not

Is it a case of just re-pushing to all clients on the console we want to keep so it effectively takes over? Clients also look to have been added manually rather than from AD...lots of stale objects

Again, any pointers or good docs to read would be really appreciated as unfortunately previous IT team who configured are no longer and very little documentation, previously have used McAfee / ePO

Thanks


  • Hello JonPinball,

    "fallback to sophos FTP"

    The address is likely just Sophos, though the protocol is not FTP but HTTP, and furthermore it's a nifty mechanism which does more than just download some files.

    "how do I tell the end points [...] they need to still update from their local box"

    Endpoints are organized in groups, all the groups except the special (topmost) Unassigned have policies assigned, one of them is the Updating policy which defines a (required) Primary location (UNC or HTTP), an optional Secondary (UNC, HTTP or the special Sophos address) and an Initial Install Source.

    [excursus] creating additional packages to send - while you can create packages for deployment the Protect computers from the console works differently [/excursus]

    The Initial Install Source (which is only needed for deployment from the console) defaults to the Primary location, you can optionally specify a different valid UNC path and you have to specify one if the Primary location is HTTP.

    Thus: AutoUpdate is installed from the applicable UNC location in the policy, it is configured to update (i.e. perform the rest of the installation) from the Primary, after RMS has connected to the server the complete policy is sent to the endpoint. In other words - the policy applied to the group the endpoint belongs to tells the endpoint where it should update from. 

    Of course, if you want them to update "locally" at the remote site you must first install an additional SUM there. Don't want to add to your confusion but you should also look into Enterprise Console: configuring message relay computers (and if you intend to use one please see Configure message relay in ver 5.2.2).

    Christian
