1 Reply Latest reply on Jul 11, 2011 2:06 PM by Dvanmeter

    How are enterprises securing their Internet-facing agent handlers?

      Hi all,

      Our organization has a large number of mobile workers, and we are very interested in deploying an ePO Agent Handler in our Internet-facing DMZ to gain better visibility into laptops when they leave our network. We have rigorous security requirements for cross-domain communication, and need to ensure that the agent handler is deployed in the most secure manner possible.

      Have any other customers taken special steps to harden their agent handler(s)? If so, can anyone share their (general) configuration guidelines and any things we may need to look out for?

      Thanks.

        • 1. Re: How are enterprises securing their Internet-facing agent handlers?
          Dvanmeter

          We have an Internet-facing agent handler for all of our mobile force. No real problems. The only thing that was a bit confusing was setting up the rules for which agent handler to connect to. Since computers may get the same IP range on a different network, we chose to do the simplest thing, and that was to say try the internal-facing ePO agent first and if it fails then try the agent handler. This also works as a backup in case I shut down the primary ePO server or it has problems; then computers will have a backup to the Internet-facing one. We found no real security issues with the setup. The computers communicate with SSL and you must have the ePO agent from the server in order to communicate to it. Only make the ports that need to communicate to the agent handler open through your firewall.