Jair
Posted December 3, 2019

Hello everybody!

Currently I'm managing two corporate networks (relatively small, about 50 clients each). Both have Windows Active Directory. I also have an ESMC Virtual Appliance on VMware for each one. That's running smoothly.

Now I have to manage a third location (and a fourth and a fifth...), all of them quite small (about 10 clients each). The 3rd, 4th and 5th locations of course will not have an ESMC Virtual Appliance, 'cause there is no infrastructure for that.

I want your advice. Which is the best way to manage the smaller locations? Giving them access to one of the ESMC I have on premise (by opening ports on my firewall)? Or the Azure VA perhaps?

Thanks in advance!
Jaír

MichalJ (ESET Staff)
Posted December 4, 2019

Hello,

You can either expose your ESMC to the internet, so it is reachable by clients from remote locations, or you can set up an instance in a cloud provider (however, please note that the Azure VA is still based on the older ERA 6.5, so before continuing further it's essential to upgrade it to ESMC 7.1). If you will manage them and do not need to give them site-specific access, ESET Cloud Administrator might also be a good option for you (however, that has a size limit of up to 250 seats).

Regards,
Michal

Jair (Author)
Posted December 4, 2019

Thanks!!! To expose the ESMC server, which port should I open?

Jaír

MichalJ (ESET Staff)
Posted December 4, 2019

I would follow recommendations: https://help.eset.com/esmc_install/71/en-US/difference_connectivity.html?installation_deployment_scenarios.html

MartinK (ESET Staff)
Posted December 4, 2019

My recommendation is to check the ports usage documentation: https://help.eset.com/esmc_install/71/en-US/ports_used.html

Technically, ESMC + Webconsole (Tomcat) are listening on the following ports:

- 2222 (can be changed, for example to 443 to reduce possible firewall issues): this port is used by ESMC Agents to connect to ESMC. This one has to be open for client devices. It could possibly be limited to specific IP addresses if possible, but that could possibly block roaming devices.
- 2223: this port is used (my recommendation is to not open this port from outside of the server):
  - for Webconsole-to-ESMC communication. If the webconsole is installed on the same machine (= default scenario), there is no need to expose this port for the console to work correctly.
  - second use is for ESMC Agent installers in case of "Server assisted installation". I would strongly recommend omitting this functionality; it is deprecated in favor of all-in-one installers, which are much more suitable for an MSP scenario.
- 443: standard port for access to the ESMC Webconsole via browser. The port has to be opened for ESMC users to access the console. My recommendation is to enable access to this port only for known IP addresses if possible. There is also the possibility to perform additional hardening of the Apache Tomcat configuration to enable only the most secure TLS ciphers; you just have to be sure your browser will support it.

Also make sure that when installing ESMC, the so-called "Advanced security mode" is enabled in its configuration. It will prevent connections of older ERA Agents but should work for ESMC 7.1 Agents installed even on the oldest supported systems (Windows XP).
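
The port recommendations in the post above can be checked against an exported list of inbound allow rules. The following is an added example, not part of the thread and not ESET tooling; the rule format, the function name `audit_rules`, the severity labels and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Port roles as described in the post above; the agent port can be changed.
AGENT_PORT, INTERNAL_PORT, CONSOLE_PORT = 2222, 2223, 443

def audit_rules(rules, admin_nets, agent_port=AGENT_PORT):
    """Audit inbound allow rules given as (tcp_port, source_cidr) tuples.

    Returns (severity, port, source, message) tuples; the severity labels
    are this example's own, not ESET's.
    """
    admins = [ipaddress.ip_network(n) for n in admin_nets]
    findings, agent_open = [], False
    for port, cidr in rules:
        src = ipaddress.ip_network(cidr, strict=False)
        if port == agent_port:
            agent_open = True
            if src.prefixlen != 0:  # narrower than "any source"
                findings.append(("info", port, cidr,
                                 "agent port limited by source; roaming devices may be blocked"))
        elif port == INTERNAL_PORT and not src.is_loopback:
            findings.append(("high", port, cidr,
                             "Webconsole-to-ESMC port allowed from outside the server"))
        elif port == CONSOLE_PORT and not any(
                src.version == a.version and src.subnet_of(a) for a in admins):
            findings.append(("high", port, cidr,
                             "Webconsole allowed from a source outside the known admin networks"))
    if not agent_open:
        findings.append(("high", agent_port, None,
                         "no rule lets remote Agents reach ESMC"))
    return findings

# Constructed sample data (documentation address ranges), not from the thread.
ADMIN_NETS = ["203.0.113.0/24"]
SAMPLE_RULES = [
    (2222, "0.0.0.0/0"),
    (2223, "0.0.0.0/0"),
    (2223, "127.0.0.1/32"),
    (443, "0.0.0.0/0"),
    (443, "203.0.113.10/32"),
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, ADMIN_NETS):
        print(finding)
```

On the constructed sample it reports the two rules that open 2223 and 443 to any source, and accepts the loopback rule for 2223 and the admin-network rule for 443.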

Jair (Author)
Posted December 4, 2019

Thank you for the detailed answer. Greetings from Argentina!

Jaír