
Sophos Update Distribution via sftp

Hi all,

I was just wondering if it is possible, or if it is planned, that the Sophos Update Manager is/would be able to distribute the Sophos Updates via SFTP to decentralized update distribution paths.

Kind Regards

Kai - Stephan Jakobsen



This thread was automatically locked due to age.
  • Hi,

    It's not possible within the software but you might be able to create your own solution.  

    From a high level, Sophos Update Manager (SUM) pulls down files from Sophos and places them in the Warehouse directory; these files are decoded into a "staging" decode directory before being copied to the designated distribution points. The clients then check these distribution points, which can be over HTTP or UNC.

    You could therefore introduce to the system a secure copy of the distribution point files to a location that the clients can update from.

    The same goes for a child SUM: the child SUM can pull files from the parent warehouse directory over HTTP or UNC. You could introduce your own secure copy of this warehouse directory to feed a remote SUM.

    The issue you would have would be copying the files when they are in a consistent state, which could be achieved by careful scheduling.

    I guess the question is why.  The files pulled down by SUM from Sophos are all just binaries and data from Sophos and are the same as any other customer.  The same goes from SUM to distribution point. What are you trying to protect?  Why is the FTP protocol more favourable?

    Regards,

    Jak
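
One way to implement the "copy only in a consistent state" check described in the reply above, as an added example that is not part of the original thread or of Sophos's own tooling. It snapshots the distribution directory twice, proceeds only if nothing changed in between, and works out what the mirror needs; the directory layout and file names are constructed, and the SFTP transfer itself is left to whatever client is used.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def manifest(root):
    """Map each file under root (relative POSIX path) to (size, sha256 hex)."""
    root = Path(root)
    result = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as handle:
            for chunk in iter(lambda: handle.read(1 << 20), b""):
                digest.update(chunk)
        result[path.relative_to(root).as_posix()] = (path.stat().st_size, digest.hexdigest())
    return result


def stable_manifest(root, settle_seconds=60, attempts=5, sleep=time.sleep):
    """Return a manifest once two consecutive snapshots match, else None."""
    previous = manifest(root)
    for _ in range(attempts):
        sleep(settle_seconds)  # give an in-progress update time to finish
        current = manifest(root)
        if current == previous:
            return current  # unchanged between snapshots: safe to copy
        previous = current
    return None  # still changing: skip this run and copy nothing


def transfer_plan(source, mirror):
    """Return (paths to upload, paths to delete) that make mirror match source."""
    upload = sorted(p for p, meta in source.items() if mirror.get(p) != meta)
    delete = sorted(p for p in mirror if p not in source)
    return upload, delete


def demo():
    """Constructed sample tree; the file names are made up, not real SUM output."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp, "pkg")
        pkg.mkdir()
        (pkg / "data.bin").write_bytes(b"v1")
        old = manifest(tmp)  # state of the mirror after the previous run
        (pkg / "data.bin").write_bytes(b"v2-changed")
        (pkg / "new.dat").write_bytes(b"x")
        new = stable_manifest(tmp, settle_seconds=0)
        return transfer_plan(new, old), transfer_plan(old, new)
```

Running `manifest` again on the receiving side and comparing it with the source manifest confirms the copy is complete before clients update from it.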

  • Hi,

    Okay, maybe I could have given a better description of our infrastructure. We are using Sophos in our engineering-/pls-environment. The SUM resides in the corresponding DMZ. From there we distribute the Sophos Updates to a NAS in each of our remote locations (also engineering-/pls-networks). Each network is firewalled off and we want to keep the firewall as tight as possible and want to reduce the use of UNC or not use UNC altogether.

    That's why I had the idea that it would be favourable to distribute the Sophos Updates from the SUM to our NAS via SFTP, so that we don't need to open UNC ports on the firewall and can establish a more secure distribution path.

    Kind Regards,

    Kai - Stephan Jakobsen
