We have in our infrastructure 2 domains, seperated by a firewall, say domain A & B.
Domain A has already a epo server, and works really well. In Domain B i just started but it doesn't go that well: because the domains are very different and may influence each other, i did this:
1. created a superagent with distributed repository on domain B server=OK
2. created an agent handler for this domain. i got a lot of problems for this because the account & pasword in domain A were not known by domain B. So i changed the sql authentication in my domain A from windows to sql authentication. This made the db install in my domain B and the agent handler works now.
But, now, we have the issues that we can't push the agents to the new domain because the credentails of domain A are always used. I even tried to install the agent manually with cmd-switches, but no succes.
Do i really need to install a second epo server on my domain B? Or do you have tips to improve this situation? Am i on the right track?
you can just export the agent (without giving user credentials) and install (by script/software) them on domain B clients. setup DNS (in domain A & B) and firewall so that clients in domain B can resolve the ePO server and firewall can pass agent<->ePO traffic. I'm guessing that there are only few clients in domain B and it is part of the same physical network (in the same building). we have the same setup in office and this is what we do. So far, we have delpoyed and manages Antivirus, Anti-Spyware, System Compliance Profiler, Rogue Sensor and SiteAdvisor. I don't know if this setup may cause issues when we start rolling out encryption products.
best of luck. let us know if it works.on 29/5/10 10:35:42 AM GST
Thank you for your answer. You guessed right: both domains are different, but in the same building, separated by a firewall.
I have a question though: don't you think that letting domain users in domain B resolving the eposerver (or other devices, because what i will need to do is creating a forward lookup zone in domain B with 1 ip-record to my eposerver?? ) in domain A is a security issue?
I'm a bit hesitating on that, because i don't like those 2 domains working in any sort of way...am i too cautious there?