Jump to content

Guidance request - version 6 deployment


jimwillsher
 Share

Recommended Posts

Hi all

 

With the massive increase in complexity with the version 6 infrastructure, I am seeking some guidance please on how to deploy everything.

 

Here's the scenario:

 

I'm acting as an IT support role, supporting seven customer all with a local install of ERAS/ERAC version 5. To manage and deploy ESET I simply RDP onto the customers' servers and launch ERAC. The local install is on SBS2011 boxes and works fine, but as we know that's not likely to be an option for version 6. We always download definitions from ESET; no local mirrors. And finally, all clients check in to ERAS every 5 minutes using two server definitions, a local one (for the desktops and when the laptops are in the office) and a FQDN (across the internet) for the laptops are away. They connect to a port (35000) which redirects to 2222 in our firewall.

 

We've never used (or even installed) the web admin. We use ERAC exclusively.

 

For version 6 there seems to be a myriad different components, with Apache, Tomcat, SQL, MySql, Agents, RD Sensor, Proxies - lots more things than in V5.

 

All the servers are SBS 2011, so running Hyper-V is not an option. And all the customers are fairly small businesses, so a second server is also not an option.

 

Is it feasible/practical/sensible to install the version 6 stack on a HyperV server in my office? What would be the implications of doing this, and what fucntionality would be affected? All communication would be across the internet. What will happen with software deployment to the clients, will each client try to download software (60MB+ for v5 EAV) from my server here or will they download from ESET's servers? What about definitions too? Also, my server would be in a workgroup (or maybe a domain) but certainly not a domain related to (or trusted by) any of the customers' domains? Also, what about ESET licenses? All my customers have different licenses, will that be a problem if I have a single ESET "repository" in our office here?

 

It seems that hosting the ESET v6 stack at the customer is not an option due to the server requirements, as the v6 stack looks like it will add far more burdon to the SBS servers than v5. But we host the v5 stack at each customer quite happily. So we need to find a workable solution for v6 if we're to use v6.

 

In total, I think it's 159 licenses across the customers.

 

Oh, and finally....if we *were* to install the v6 Server component onto the SBS boxes, can we expect any problems? For example, the install guide shows that port 443 is used for the web console. 443 is already in use in SBS2011 for various things. Will the installer add a separate application in IIS so that ERA will co-exist?

 

Many thanks in advance. SBS can be "broken" very easily, and we don't want to break it!

 

 

 

Jim

Edited by jimwillsher
Link to comment
Share on other sites

  • Former ESET Employees

You are correct, there are a lot of moving parts to an install, which is typically all handled by our All-In-One installers.  We do offer the stand alone installers so that each program can be configured to work around the SBS features, but it can be time consuming when setting it up per each environment.

 

If you have the option of hosting a HyperV instance to run the Remote Administrator sever, the only real drawback would be having to send the Agent live installers to the clients for manual installation.  However, after that is done, everything else will be controllable through the server.

Link to comment
Share on other sites

Thanks Anthony. Unfortunately we don't have the option of HyperV.

 

With V5 we manually installed ESET each time initially, as the "push" install was flakey, and we then used the "upgrade client" option in ERAC to push out new versions.

 

If we manually push the agent, and then install the client using the agent, will the agent downlaod the installer from our ERAS machine or from the ESET website? Thinking about bandwidth.....

 

Also, what do we do with all the V5 clients currently installed and currently "phoning home" every five minutes to 2222. Do we need to push out new configs to the V5 clients to get them to "phone home" to the new V6 ERAS machine?

 

 

Jim

Link to comment
Share on other sites

Thanks Anthony. Unfortunately we don't have the option of HyperV.

 

With V5 we manually installed ESET each time initially, as the "push" install was flakey, and we then used the "upgrade client" option in ERAC to push out new versions.

 

If we manually push the agent, and then install the client using the agent, will the agent downlaod the installer from our ERAS machine or from the ESET website? Thinking about bandwidth.....

 

Also, what do we do with all the V5 clients currently installed and currently "phoning home" every five minutes to 2222. Do we need to push out new configs to the V5 clients to get them to "phone home" to the new V6 ERAS machine?

 

 

Jim

Speaking from my personal experience, the deployment process gives you the option of installing the client either from network or local location versus downloading from the ESET repository. In the screenshot I have attached, you can see the section that says URL lets you to point to a local network location (either on your local ESET server or any random network share) or you can just choose to pull the file from the official ESET repository.

post-6301-0-32720300-1422392274_thumb.jpg

Link to comment
Share on other sites

Thank you ttabiri, that looks like the solution we need.

 

I'm still worried about installing this lot on SBS though. Same ports as SBS, issues with SQL in SBS, adding workload to SBS etc.

 

I have a feeling we will be sticking with version 5 :(

Link to comment
Share on other sites

  • Administrators

You don't necessarily have to install ERA 6 on SBS nor buy another Windows server license to run ERA. You can use the all-in-one Linux-based solution for virtual appliances which can be deployed quickly with just little configuration steps needed and that's it.

Endpoint v6 brings new security features to effectively deal with zero-day malware, such as Advanced memory scanner, Exploit blocker, Botnet protection with more to follow in future versions, hence we strongly recommend upgrading to it.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...