Jump to content

ESMC Where are client updates downloaded from?


rockshox
 Share

Recommended Posts

Currently we are on ERA 5. I have built a new ESMC server and am working on getting the policies setup and functioning so that I can move our clients over. I am confused by how the updates are downloaded. If I want all our workstations to only download updates from the ESMC server and not have each individual client going to the internet for updates, am I required to use the Apache HTTP Proxy?

In ERA 5 it was a piece of cake, turn on the Mirror and points clients to the server, but in ESMC I see all this Apache HTTP Proxy setup and it is working, but I don't know why I need a proxy server when all the clients are on the same network and can access the ESMC server directly. If I disable the Apache HTTP Proxy does that mean all clients will download updates from the web or from the ESMC server?

Link to comment
Share on other sites

  • Administrators

There are basically 2 options with ESMC if you don't want Endpoint to download updates directly from ESET's servers:

1, Use an http proxy to cache updates (you can use an existing proxy that you might already be using)
2, Use the mirror tool to create a local mirror and then share its content using an http server (not included but there are many free ones). We do not recommend using mirror since a lot of unnecessary data would be downloaded with each update.

Link to comment
Share on other sites

Ok, that seemed to be what I was reading in the documentation and much different than what I am used to in ERA 5.

As for the Proxy Server, I can see that the default configuration set it up at the Global level. I assume that only traffic between ESET Endpoint AV and the Agent is run in this proxy and none of the other computer network traffic?

Edited by rockshox
Link to comment
Share on other sites

  • Administrators

If you install ESMC using the all-in-one installer and choose to install also HTTP Proxy, ESMC will use it automatically and it will be also pre-configured in policies. The proxy comes with a configuration file that restricts connections only to ESET's servers.

Link to comment
Share on other sites

  • ESET Staff

@rockshox If you have installed ESMC server using either all in one installer on Windows or deployed the appliance with the "enable proxy caching of updates". 

This would create default policies for the major security products (Endpoint for Windows, Mac, File Security) and ESMC components, that would force those components in the internal network to communicate with ESET infrastructure using the apache HTTP Proxy installed on the same machine as ESMC server. It´s configured to be whitelisted for ESET services only (Licensing, Update Servers - module updates, Repository - installers, and ESET Live Grid). In case proxy is not reachable, endpoints have switch to "communicate directly". You can configure multiple proxy servers in policies, if you wish to do so. 

Link to comment
Share on other sites

Marcos and MichalJ - Thank you very much for the responses. Your explanations answered the question and I was able to figure out how it all works and have it deployed to a group of test computers.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...