This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Install client on workstation and connect manually to Enterprise Console

Hi!

I would like to install the client software manually to a workstation PC (who's not connected to a domain) with I can do by installing the normal package,

But how can I connect the client after to an Enterprise Console manually?

Thanks in advance,

Laurent



This thread was automatically locked due to age.
Parents
  • Hello Laurent,

    you don't "connect" an endpoint after installing an SA package. You must install from the CID - either directly or by using the Deployment Packager to build a custom package (RMS must be included).

    Christian

  • Thank you Christian for the clarification, the documents are not clear on that.

    The Deployment Packager Doc is also not clear:

    >> In Source folder, specify the location of the central installation directory containing the endpoint software installation files. This may be a UNC path or a local folder.

    I'm not an Sophos engineer, so, what folder I have to select?

    >> This installs Sophos Patch Agent.You must also enter the address where the Management server is installed under Management Server URL. The address must be a fully qualified domain name. Example: http://server name.

    So, does it "just" need the name/ip or also path/port?!

    If I select now the "Remote Management System (RMS)" option, what should I do next to connect/show the installation to the Enterprise console?

    Thank you,

    Laurent

  • Hello Laurent,

    a few words to connect (RMS) first: The communication between server and endpoints is cryptographically secured. The necessary certificates and keys are generated by the server and placed in the update location(s) (the default for Windows is \\server\SophosUpdate\CIDs\S000\SAVSCFXP\). Installing RMS during initial install enables the client to register and subsequently communicate with the server. The endpoint must be able to connect to ports 8192 and 8194 on the server, ideally the server should be able to connect to the endpoint's 8194.

    As to the Deployment Packager:
    The source is usually one of the distribution shares specified in the SUM (Update Manager) configuration with the path to the platform specific folder as written above (\\server\SophosUpdate\CIDs\S000\SAVSCFXP\).  If you run the DP on the server or on a workstation where you have mapped the share you can use the local path to the \SAVSCFXP folder.

    Patch Agent
    Do you actually use the  Patch component? The default port is 80 but a different port can be selected during SEC install. For "internal" endpoints the server name might suffice, otherwise the server's FQDN or its IP must be used (provided it can be resolved/reached from the endpoint - Patch wouldn't work anyway if not). As 80 is the default for HTTP you need not specify it but it does no harm to do so.

    BTW: What is not connected to a domain - workgroup but on the LAN or not on the internal network?

    Christian

Reply
  • Hello Laurent,

    a few words to connect (RMS) first: The communication between server and endpoints is cryptographically secured. The necessary certificates and keys are generated by the server and placed in the update location(s) (the default for Windows is \\server\SophosUpdate\CIDs\S000\SAVSCFXP\). Installing RMS during initial install enables the client to register and subsequently communicate with the server. The endpoint must be able to connect to ports 8192 and 8194 on the server, ideally the server should be able to connect to the endpoint's 8194.

    As to the Deployment Packager:
    The source is usually one of the distribution shares specified in the SUM (Update Manager) configuration with the path to the platform specific folder as written above (\\server\SophosUpdate\CIDs\S000\SAVSCFXP\).  If you run the DP on the server or on a workstation where you have mapped the share you can use the local path to the \SAVSCFXP folder.

    Patch Agent
    Do you actually use the  Patch component? The default port is 80 but a different port can be selected during SEC install. For "internal" endpoints the server name might suffice, otherwise the server's FQDN or its IP must be used (provided it can be resolved/reached from the endpoint - Patch wouldn't work anyway if not). As 80 is the default for HTTP you need not specify it but it does no harm to do so.

    BTW: What is not connected to a domain - workgroup but on the LAN or not on the internal network?

    Christian

Children