Manage computers from another domain

Question

Hi all, 
 
 I'm running into a little bit of a problem here with our SEC implementation. 
 We protected all of our main domain computers flawlessly with Sophos and I'm also able to manage the roaming clients with a WAN faced message relay properly. 
 My problem is that one of our branches have a seperate domain and no connection whatsoever between their AD and our AD . 
 I found that solution but since there is not private network (LAN or VPN) between the 2 domains, I don't think I can setup a 2-way trust : https://www.sophos.com/en-us/support/knowledgebase/12610.aspx 
 Is it possible to just copy the main domain CA on the second domain so that the remote computers "trust" my message relay correctly ? 
 Here's the message from one of our remote client router logs : 
 
 24.02.2016 12:08:12 0A28 W No public key certificate found in the store. Requesting a new certificate. 
 24.02.2016 12:08:12 0A28 I Getting parent router IOR from xxx.abc.com:8192 
 24.02.2016 12:08:12 0A28 I This computer is part of the domain y 
 
 Did someone else is in the same situation as I am ? 
 Thank you all,

jak · Accepted Answer

RMS, the Remote Management System component has no concept of domains, it all works at the TCP level. As long as the parent address of the client router can find the parent router, be it a relay or the SEC management server it doesn't matter. 
 
The only time you need to concern yourself with multiple domains is with deployment from SEC (the account you enter into the deployment wizard has to be able to authenticate on the management server and also the remote clients) and possibly update credentials from the distribution points. Any concerns there and you could use HTTP updating. 
 
Regards, 
Jak