sokol-4ever 0 Posted August 7, 2019 Share Posted August 7, 2019 (edited) Hello, If we are an MSSP provider and want to provide ESET services to customers, what is the best way to connect clients (EES, ERA) to the ESMC that is on our side (MSSP provider)? Edited August 7, 2019 by sokol-4ever Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted August 7, 2019 ESET Staff Share Posted August 7, 2019 In general, for the MSP / MSSP use-cases there are three options: Host it in a public cloud, where agents will be able to see the server over public internet (we have for example Azure image available, however after deployment this should be upgraded to ESMC 7.0). Make your private cloud instance accessible from the internet (the port on which ESMC server is listening to agents). Use HTTP Proxy, for forwarding the connections from the outside, if the server is not directly visible from the internet. Link to comment Share on other sites More sharing options...
sokol-4ever 0 Posted August 7, 2019 Author Share Posted August 7, 2019 (edited) Thanks for the answer MichalJ. 1.Which of these options is the most popular according to statistics?. 2. Where can I find information about use HTTP Proxy? 3. Can I use my proxy server or do I need to install Apache HTTP Proxy. Do I need to install something else on the client side or just specify the use of a proxy in the agent settings? Thanks. Edited August 7, 2019 by sokol-4ever Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted August 8, 2019 ESET Staff Share Posted August 8, 2019 Hello, I will get in touch with our team, to get you the information. Based on our Product Management research, it would be a merge of 2 & 3 (so ESMC running in a MSP datacenter / collocation, accessible from the internet, either via proxy, or some other solution). Details are in our documentation: https://help.eset.com/esmc_install/70/en-US/?arch_proxy.html Of course, you can use any 3rd party proxy you have, you just need to configure it in a way, that it will allow communication of ESMC Agents with the server (inbound) and ESMC access to various ESET services. Link to comment Share on other sites More sharing options...
sokol-4ever 0 Posted August 9, 2019 Author Share Posted August 9, 2019 (edited) Hello, 2. Make your private cloud instance accessible from the internet (the port on which ESMC server is listening to agents). Are there any best practices (recommendations) on how best to connect the client, in terms of security hack? Edited August 9, 2019 by sokol-4ever Link to comment Share on other sites More sharing options...
sokol-4ever 0 Posted August 14, 2019 Author Share Posted August 14, 2019 Good Day, Is there any news about questions from ESET team? Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted August 14, 2019 ESET Staff Share Posted August 14, 2019 I have requested some advice from our documentation/support team, as I do not have any recommendations by myself. In general, common practice would be to simply limit the ports to the ones needed for ESET. List is available in the KB article - https://support.eset.com/kb332/. If the webconsole is accessible from the outside, for sure use the 2FA, and refrain from using default Administrator account, for which set exceptionally strong password. Link to comment Share on other sites More sharing options...
sokol-4ever 0 Posted August 14, 2019 Author Share Posted August 14, 2019 Thank you, I will consider your answer. Link to comment Share on other sites More sharing options...
Recommended Posts