
Mixed environment: which is the best way to manage?



Hello everybody!

Currently I'm managing two corporate networks (relatively small, about 50 clients each). Both have Windows Active Directory. I also have an ESMC Virtual Appliance on VMware for each one. That's running smoothly.

Now I have to manage a third location (and a fourth and a fifth...), all of them quite small (about 10 clients each). The 3rd, 4th and 5th locations of course will not have an ESMC Virtual Appliance, because there is no infrastructure for that.

I want your advice. Which is the best way to manage the smaller locations? Giving them access to one of the ESMC instances I have on premise (by opening ports on my firewall)? Or the Azure VA perhaps?

Thanks in advance!

Jaír

 


  • ESET Staff

Hello,

You can either expose your ESMC to the internet, so it is reachable by clients from remote locations, or you can set up an instance at a cloud provider (however, please note that the Azure VA is still based on the older ERA 6.5, so before continuing further it's essential to upgrade it to ESMC 7.1).

If you will manage them and do not need to give them site-specific access, ESET Cloud Administrator might also be a good option for you (however, that has a size limit of up to 250 seats).

Regards,

Michal 


  • ESET Staff

My recommendation is to check the port usage documentation: https://help.eset.com/esmc_install/71/en-US/ports_used.html

Technically, ESMC + Webconsole (Tomcat) are listening on the following ports:

  • 2222 (can be changed, for example to 443 to reduce possible firewall issues): this port is used by ESMC Agents to connect to ESMC. This one has to be open for client devices. It could possibly be limited to specific IP addresses if possible, but that could possibly block roaming devices.
  • 2223: this port is used for the following (my recommendation is to not open this port from outside of the server):
    • for Webconsole-to-ESMC communication. If the Webconsole is installed on the same machine (= default scenario), there is no need to expose this port for the console to work correctly.
    • the second use is for ESMC Agent installers in case of "Server assisted installation". I would strongly recommend omitting this functionality; it is deprecated in favor of all-in-one installers, which are much more suitable for the MSP scenario.
  • 443: standard port for access to the ESMC Webconsole via browser. This port has to be opened for ESMC users to access the console. My recommendation is to enable access to this port only for known IP addresses if possible. There is also the possibility to perform additional hardening of the Apache Tomcat configuration to enable only the most secure TLS ciphers; you just have to be sure your browser will support it.

Also make sure that when installing ESMC, the so-called "Advanced security mode" is enabled in its configuration. It will prevent connections of older ERA Agents but should work for ESMC 7.1 Agents installed even on the oldest supported systems (Windows XP).
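
Added example, not part of the post above and not ESET code: a small Python check that audits a list of inbound allow rules against the exposure recommendations in the post (2222 for agents, 2223 not exposed, 443 only from known addresses). The rule format, function names and addresses are constructed for illustration.

```python
import ipaddress

def build_policy(agent_port=2222, console_port=443, internal_port=2223):
    """Exposure policy from the post: agents from anywhere, console from
    known addresses only, Webconsole-to-ESMC port not exposed at all."""
    return {agent_port: "any", console_port: "allowlist", internal_port: "closed"}

def in_allowlist(source, admin_nets):
    """True if the rule's source range lies entirely inside a known admin range."""
    src = ipaddress.ip_network(source)
    return any(src.version == net.version and src.subnet_of(net)
               for net in map(ipaddress.ip_network, admin_nets))

def audit(rules, admin_nets, policy=None):
    """rules: inbound ALLOW rules as (source_cidr, dest_port) tuples (assumed format).
    Returns a sorted list of (port, source, finding) tuples."""
    policy = policy or build_policy()
    findings = []
    for source, port in rules:
        mode = policy.get(port)
        if mode is None:
            findings.append((port, source, "not in the post's port list, review"))
        elif mode == "closed":
            findings.append((port, source, "internal port exposed, remove rule"))
        elif mode == "allowlist" and not in_allowlist(source, admin_nets):
            findings.append((port, source, "console reachable from unknown address"))
    # The agent port must be reachable, otherwise remote sites cannot report in.
    allowed_ports = {port for _, port in rules}
    for port, mode in policy.items():
        if mode == "any" and port not in allowed_ports:
            findings.append((port, "-", "agent port closed, remote agents cannot connect"))
    return sorted(findings)

# Constructed sample rule set (documentation address ranges, not real hosts).
ADMIN_NETS = ["203.0.113.0/28"]
SAMPLE_RULES = [
    ("0.0.0.0/0", 2222),        # agents, roaming devices included
    ("0.0.0.0/0", 2223),        # should not be exposed
    ("0.0.0.0/0", 443),         # console open to everyone
    ("203.0.113.4/32", 443),    # console from a known admin address
    ("198.51.100.0/24", 8443),  # not an ESMC port named in the post
]

if __name__ == "__main__":
    for port, source, finding in audit(SAMPLE_RULES, ADMIN_NETS):
        print(f"{port:>5}  {source:<18} {finding}")
```

If the agent port is moved off 2222 as the post allows, pass the new value to `build_policy` so the audit follows the change.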

This topic is now closed to further replies.