First off, the usual "disclaimer"; please redirect me if this isn't the correct forum and/or if my questions have answers in other posts/forums.
My question is whether there are any way to chain or link epo-servers to each other ?
The reason for the question is that due to security reasons (firewall zones and net segmentation) only one epo server will be allowed to commuicate to the internet (to recieve updates...), but it would be beneficent for other epo servers (in the same organization and windows domain) to "reuse" the virus definition packages and updates that the "internet allowed" epo server has downloaded. For those of you familiar with Microsoft WSUS 3.0, the desired scenario is to attain a solution where the epo servers acts in a replica or downstream server manner as possible in WSUS 3.0.
The present epo server is version 4, and if epo 4.5 has the abilities desired as described above please let me know.
If you just want to use one epo server as the source repo for the others, then yes, this is possible: you just need to be a tiny bit careful. What you must avoid doing at all costs is using one server's master repository as the source for another.
1) On the internet-connected server - let's call it the Primary - create a distributed repository. Configure it so that only content - e.g. DATs and engines, HIPS content and so on - is replicated to it.
2) Export the primary server's master repository public key ( from the Security Keys page on the Server Settings section.)
3) Import this key into the secondary ePO server(s)
4) Configure a source site on the secondary servers that points at the distributed repo on the primary server
That should hopefully do what you want
Thank you Joe !
Do you have any documentation I could glance at, regarding the solution you suggested?
And is it possible to "mid mission" change a epo servers repository from one source to another, that is (using your naming convention) change a "Primary epo server" (who previously has had internet communication) to recive updates from another epo server, or in short change the "type" from a primary to a secondary ?
The reason for me asking this somewhat reverse and awkward scenario compared to my initial question, is that there might be some restructuring to the present (firewall and net segementation) zone models, that may result in the fact that a server who previously were allowed to "internet communicate", after the "restructure process" have to use a chain/link/replication solution.
Any how, thank you for your reply, nice to be a member of such a fast-to-help forum
I'm not aware of any documentation, I'm afraid - which means I'll have to go and write some
Changing an ePO server's source repo is very easy. ePO allows you to specify multiple source repos - which one is used depends on how the pull task (or pull now job) is configured. So if you want to change the source, simply specify another source repo and update your pull tasks to use the new source - easy as that.