Offline Clients - Module updates

[DH2020 0]

Hi - environement is as follows:

We have our Security Management Center installed on a VM, which will hold our policies and also licenses our clients via the offline method 

The licensing is now working but I'm having trouble with working out the best way to update our clients as they do not have internet access

Can I turn the Security Management Center server also into being a Mirror server ?

Or does it need to be a completely different VM ? If so, does ESET have a iso which I can build the VM off ?

Or does it need to be an existing client which is then turned into a mirror server?

Please note that we also have XP and older server editions, I do not know if this will impact the path I need to take

 

Thanks in advance

[Marcos 5,070]

Are the machines completely offline or there's a chance to connect them to the Internet through a proxy server with restrictions to ESET's servers only?

If the former, you can use the Mirror tool to create a local mirror (https://help.eset.com/era_install/65/en-US/mirror_tool_linux.html)

Otherwise use the ESET HTTP Proxy which can be installed either stand-alone or with the ESMC All-In-One intaller. Using an http proxy will save a lot of network traffic and will enable the endpoints to take advantage of streamed updates for instance.

[DH2020 0]

Thanks - these machines will permanently be offline

It looks like it does not support XP, as we still have XP machines we need to cater for.

Due to this what would you recommend the best path for us to take ?

In terms of the ESET HTTP Proxy, did you have notes on how to configure this ? Or how I can leverage our ESET Security Management Center ? This currently takes care of our policies and licenses 

[Marcos 5,070]

To keep Windows XP computers offline is reasonable also for the fact that the system hasn't been supported by Microsoft for years and vulnerable to attacks and threats. It's not clear if these machines are completely offline, ie. without LAN connection allowing for update from a network share for instance or if they are connected in LAN and can access network shares or a computer running the HTTP proxy.

If they are completely offline, it will be necessary to transfer the content of the mirror on a removable medium and update the clients manually from it. Otherwise updating through the http proxy should be possible.

As for HTTP Proxy, if installed with the all-in-one installer it will be pre-configured automatically also in default ESMC policies. You can install and configure it manually as well as per https://support.eset.com/kb6750/. If you use ESMC as a virtual appliance, you can enable it as per https://help.eset.com/esmc_deploy_va/70/en-US/enable_apache_http_proxy.html.

[DH2020 0]

Hi sorry the XP machines do not have internet - but are connected to a local network with a LAN connection

So we should be able to leverage the HTTP proxy

I will follow the virtual appliance link https://help.eset.com/esmc_deploy_va/70/en-US/enable_apache_http_proxy.html 

Is there an easy way to validate if our virtual appliance has it already installed ?