This should be a simple question. I tried looking through the EPO docs, and maybe I just missed the answer.
We are running EPO 4 in our environment. We have offices in 3 different geographic locations, and so when our consultant was here assisting us with our EPO deployment, we setup the mastor EPO server at our primary location and placed a superagent repository at each of the other two "satellite" offices. Now I know that my clients will check into the superagents and download the latest scan engines, dats, and updates from them, but do the clients still have to communicate their status to the master server? Our consultant told us that even though the clients will mainly communicate with their local repository, they still have to be able to talk to the master. Is this correct, and if so is there any way around this if we wanted to stand up a superagent in a standalone segmented network and still manage the clients on that network via our master EPO server? It would seem to make sense to me that a superagent would be able to not only handle distributing files to local clients but also collect status information and send it back to the master server.
Your insights please.
In ePO 4 all the agents still need to perform their ASC (agent-to-server communication), with the ePO server itself, the distributed repositories are only for downloading of updates and point products. ePO 4.5 introduces the Agent Handler that allows agents to communication with something other than the ePO server, the agent handler will still need to communicate with the ePO server.
The agent handlers, though, are designed for redundancy, scalability (say 70,000 nodes or above), or for a DMZ. Other than this there is no reason to use an agent handler.
Thanks for your reply. Sounds like we'd have to go to EPO 4.5 to get the agent handler capability if we wanted to manage machines on our isolated test network without having to open the firewall for them to communicate with the EPO server. There are no other workaround options to do this with 4.0 correct?
Remember, in ePO 4.5, the Agent Handler will still need to communicate with the ePO server over the Agent-to-Server port so you will need to make a rule in your firewall for that one machine.
Technically you do have one other option, but the EPO 4.5 option seems like a better one depending on the size of your enterprise. In your test environment you could stand up and another EPO server and connect it to your other EPO 4.0 server. That would limit the bidirectional commucations down to the two IP addresses.