Jump to content

MartinK

ESET Staff
  • Content Count

    2,025
  • Joined

  • Last visited

  • Days Won

    63

Kudos

  1. Upvote
    MartinK received kudos from offbyone in Management protocol + reverse proxy   
    As AGENT->ESMC protocol currently used gRPC on application layer (not guaranteed to the future), there are many small projects and proxies that can be used to routing, but in case of security, most reliable solution might be standard TLS termination and forwarding of requests on TCP layer, i.e. without interpreting data and requests itself. This is supported by most of the commonly used proxies ad mentioned previously. It would just require some basic "magic" with certificates. In this configuration, proxy should be just "repacking" TCP traffic from one TLS channel to another, instead of interpreting it + it is possible to configure proxies to be transparent for AGENTs. This kind of configuration is very often used for load balancing.
    Your case would be probably best matched by something like TLS pass-through with additional client certificate checks, but it is probably not supported by common proxies, I think it not possible to validate client certificate before connection to backend service (ESMC in this case) is opened, so it would somehow reduce security benefits.
  2. Upvote
    MartinK received kudos from offbyone in Management protocol + reverse proxy   
    ESMC Agent are using mutually authenticated TLS (both endpoints do have to present with it's certificate), which is protecting underlying HTTP2 requests, so technically it is HTTP2 over TLS.
  3. Upvote
    MartinK received kudos from Peter Randziak in Number of pending logs increased after ESMC upgrade to 7.2   
    Indeed ESMC 7.2 introduced mechanisms for throttling connections and received data -> its purpose is to limit load and prevent service exhaustion for temporary peaks, mostly detected during work time hours start. This change was definitely not supposed to increase number of pending logs, but during development, it was discovered that counters were previously not accurate, which might explain increase you are seeing.
    Regarding performance, most crucial is performance of database, which is connected to performance of underlying storage. I would recommend to check whether storage performance is not hitting its limits. In case of cloud, I would recommend to check IOPS limits on storage and database.
    Could you also provide number of managed / actively connected endpoints just for statistical purpose? We are interested in such numbers as it would enable us to adapt mentioned settings.
  4. Upvote
    MartinK received kudos from Peter Randziak in Mirror Tool Problem   
    There has been a few changes implemented in DNS servers that should possibly help with this case, as problematic data center should be used only as a fallback for connections from Germany.
  5. Upvote
    MartinK received kudos from Cameron in ESMC Server Migration and Licencing   
    Just be aware, that if testing instance will be created on top of your existing ESMC database (as described in migration scenario), your original and new ESMC instances will share synchronized licenses in a way that when you modify list of synchronized licenses in one instance, it will impact also original/production servers, so my recommendation is to deploy completely new testing ESMC instance, instead of re-using existing database.
  6. Upvote
    MartinK received kudos from Peter_J in Import has failed (certificate)   
    Indeed only DER format is supported for both import and export of CA certificates. We will have to check whether it is clearly communicated.
  7. Upvote
    MartinK received kudos from MichalJ in Future changes to ESET Security Management Center / ESET Remote Administrator   
    I think this is resolved in just-released ESMC 7.2 where it look like this:

  8. Upvote
    MartinK gave kudos to rpremuz in GUI language of ESET AV installed with a client task   
    On https://help.eset.com/eea/7/en-US/installation_command_line.html I've found parameters that can be used for specifying GUI language with MSI file that is used in the client task: PRODUCT_LANG and PRODUCT_LANG_CODE
    I successfully tested the following settings in my client task specification that installs ESET Endpoint Antivirus in US English:

  9. Upvote
    MartinK received kudos from Peter Randziak in Future changes to ESET Security Management Center / ESET Remote Administrator   
    I think this is resolved in just-released ESMC 7.2 where it look like this:

  10. Upvote
    MartinK received kudos from igi008 in Future changes to ESET Security Management Center / ESET Remote Administrator   
    I think this is resolved in just-released ESMC 7.2 where it look like this:

  11. Upvote
    MartinK received kudos from Peter Randziak in Future changes to ESET Security Management Center / ESET Remote Administrator   
    Unfortunately I am al so not sure how it was meant. We are officially declaring maximal number of managed clients to 10000 when using MySQL database, but it is not related to number of actually connecting clients, but rather limit is amount of data. ESMC installed over MySQL might have performance issues with processing larger amount of data and rendering larger datasets. As an result rendering of specific reports (threats for example) might be much slower, but in "clean" network even much larger environments can be managed with MySQL-based ESMC installation.
    Persistent connections as introduced in ESMC should actually significantly reduce load of ESMC server, especially in "dormant" state when no changes are made in management console. If properly configured on recommended HW, ESMC should handle hundreds of clients per second.
×
×
  • Create New...