Jair

Mixed environment: which is the best way to manage?

Hello everybody!

Currently I'm managing two corporate networks (relatively small, about 50 clients each). Both have Windows Active Directory. I also have an ESMC Virtual Appliance on VMware for each one. That's running smoothly.

Now I have to manage a third location (and a fourth and a fifth...), all of them quite small (about 10 clients each). The 3rd, 4th and 5th locations of course will not have an ESMC Virtual Appliance, because there is no infrastructure for that.

I want your advice. Which is the best way to manage the smaller locations? Giving them access to one of the ESMCs I have on premise (by opening ports on my firewall)? Or the Azure VA perhaps?

Thanks in advance!

Jaír

 


Hello,

You can either expose your ESMC to the internet, so it is reachable by clients from remote locations, or you can set up an instance with a cloud provider (however, please note that the Azure VA is still based on the older ERA 6.5, so before continuing further it's essential to upgrade it to ESMC 7.1).

If you will manage them and do not need to give them site-specific access, ESET Cloud Administrator might also be a good option for you (however, that has a size limit of up to 250 seats).

Regards,

Michal 


Thanks!!!

To expose the ESMC server, which port should I open?

Jaír


My recommendation is to check the ports usage documentation: https://help.eset.com/esmc_install/71/en-US/ports_used.html

Technically, ESMC + Webconsole (Tomcat) are listening on the following ports:

  • 2222 (can be changed, for example to 443 to reduce possible firewall issues): this port is used by ESMC Agents to connect to ESMC. This one has to be open for client devices. It could possibly be limited to specific IP addresses if possible, but that could possibly block roaming devices.
  • 2223: this port is used for the following (my recommendation is to not open this port from outside of the server):
    • for Webconsole-to-ESMC communication. If the Webconsole is installed on the same machine (= default scenario), there is no need to expose this port for the console to work correctly.
    • second use is for ESMC Agent installers in case of "Server assisted installation". I would strongly recommend omitting this functionality; it is deprecated in favor of all-in-one installers, which are much more suitable for an MSP scenario.
  • 443: standard port for access to the ESMC Webconsole via browser. This port has to be opened for ESMC users to access the console. My recommendation is to enable access to this port only for known IP addresses if possible. There is also the possibility to perform additional hardening of the Apache Tomcat configuration to enable only the most secure TLS ciphers; you just have to be sure your browser will support it.

Also make sure that when installing ESMC, the so-called "Advanced security mode" is enabled in its configuration. It will prevent connections from older ERA Agents but should work for ESMC 7.1 Agents installed even on the oldest supported systems (Windows XP).

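An added example, not written by any poster in this thread and not ESET code: after opening the firewall, this check compares what is actually reachable with the exposure recommended in the answer above (2222 open for Agents, 2223 not exposed, 443 limited to known addresses). It assumes the default port numbers from the thread, that it is run from an outside network that is not on the Web Console allow-list, and uses `esmc.example.com` as a placeholder hostname.

```python
import socket
import sys

# Expected reachability from an untrusted internet vantage point, following
# the answer above. True = must accept connections, False = must be filtered.
# Ports are the defaults named in the thread; adjust if 2222 was changed.
EXPECTED_FROM_INTERNET = {
    2222: True,   # ESMC Agent -> ESMC Server: remote clients need it
    2223: False,  # Webconsole-to-ESMC / server-assisted install: keep internal
    443: False,   # Webconsole: known admin IPs only, so closed from elsewhere
}

def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name resolution failure
        return False

def audit_exposure(host, expected=EXPECTED_FROM_INTERNET, probe=tcp_open):
    """Probe each port and return (port, problem) pairs that deviate from policy."""
    findings = []
    for port, should_be_open in sorted(expected.items()):
        is_open = probe(host, port)
        if is_open and not should_be_open:
            findings.append((port, "reachable but should be filtered"))
        elif not is_open and should_be_open:
            findings.append((port, "filtered but agents need it"))
    return findings

if __name__ == "__main__":
    # Placeholder hostname (assumption); pass the real public name as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "esmc.example.com"
    problems = audit_exposure(target)
    for port, problem in problems:
        print(f"{target}:{port} {problem}")
    sys.exit(1 if problems else 0)
```

An empty result means the external view matches the recommendation; run it again from one of the allowed admin addresses with 443 set to `True` to confirm the console is still reachable there.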

Thank you for the detailed answer.

Greetings from Argentina!

Jaír
