I have a scenario where very limited access is allowed to a specific subnet. It is a requirement that systems in this subnet should be managed by the ePO server. A firewall allows communication between the ePO server and a server in their DMZ. This server has access to the systems in the subnet. I consider installing an agent handler on this server to manage the computers in the isolated segment, but will it be possible if there is no direct channel between the ePO server and the systems in this subnet? Will it be possible to assign these systems to the agent handler?
That is pretty much a text-book case scenario for using an agent handler.
You will need to be sure you meet the ports requirements described in this KB article:
KB66797 - Ports needed by ePO 4.x and ePO 5.0 for communication through a firewall
So talking directly to the ePO over SSL isn't allowed? But putting an Agent Handler in there which will talk direclty to a SQL server would be acceptable? I don't think you have a good case for an agent handler.
Possibly a new relay agent using Agent4.8/ePO 5.0 but not an Agent Handler.
Thanks for the advice thus far. I also realised that a relay agent would be the best solution. But you say Agent 4.8/ePO 5.0? What is the lowest version of ePO that supports the relay server capibility? We are currently running 4.6.4.