Accessing the K1000 & K2000 from home
Can anyone give me a brief overview of any steps/hurdles involved in opening up the K1000 and K2000 to be able to access from outside the LAN?
I'm assuming this would allow the following:
-Website access from home
-Machines check in to K1000 off-site
Here are the questions I have:
-Do we need to open up certain ports to get the agent working properly from outside?
-Will scripts/managed installs still work? What about if we use Replication boxes? Will they need certain ports open to send outside the building as well?
-Anything else I should know?
Our VPN is horrible, and I can't connect to the KACE boxes while outside of work unless I remote into my desktop at work via TeamViewer or another program, which is laggy.
Thanks!
Answers (3)
You would have to put them in your DMZ and enable SSL. Once provisioned, the K1000 agents would only need HTTP/HTTPS access and to be able to access port 52230 for the AMP connection. I'm less familiar with putting the K2000 in the DMZ, but if they are linked, you should be able to connect to the K2000 from the K1000 interface.
Public Internet KBOX SSL Setup
https://downloads.kace.com/support/downloads/faq/PublicInternetKBOXSSLSetup.pdf
Precautions before Implementing SSL
http://www.kace.com/support/kb/index.php?action=artikel&cat=6&id=833&artlang=en
How do I configure my KBOX to support SSL?
http://www.kace.com/support/kb/index.php?action=artikel&cat=1&id=604&artlang=en
How do I configure LDAPS (Secure LDAP) for my KBOX?
http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=592&artlang=en
Which network ports does the KACE K1000 appliance require to function?
http://www.kace.com/support/kb/index.php?action=artikel&cat=1&id=589&artlang=en
Comments:
-
Thanks for the quick info. I will relay this to our network team to get started on this! - sfigg 11 years ago
-
I forgot to mention you can enable SSL for the AMP connection and I would recommend that as well. - jknox 11 years ago
-
Thanks. This is a setting in the KBOX admin section somewhere, right?
In regards to open ports for managed installs/scripts, if we have each of our 20 locations set up with a replication machine, and no fallback to the main K1000, will they not work? Will we need to open 443 and 52230 on each of the 20 machines to be able to push out things via replication boxes? - sfigg 11 years ago
-
We opened the K1000 only to outside, did not see need for 2000. This now lets the laptops check in from home and allows us to push critical updates to them.
It also gives you a chance to reach a laptop if it gets stolen and someone brings it up on the net. - SMal.tmcc 11 years ago
-
Yes - SMal.tmcc 11 years ago
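Added example, not part of the thread and not KACE tooling: once the K1000 sits in the DMZ, a check like this, run from an off-site machine, confirms that the ports named in the answer above (HTTP/HTTPS and 52230 for AMP) are reachable and that nothing else on the appliance answers from outside. The hostname `k1000.example.com` and the `AUDIT_PORTS` list are assumptions made up for the illustration.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Ports the answer above says off-site K1000 agents need.
REQUIRED_PORTS = {80: "HTTP", 443: "HTTPS", 52230: "AMP"}

# Constructed list (an assumption, adjust to your environment): services that
# should NOT answer from the Internet side of the DMZ.
AUDIT_PORTS = [21, 22, 23, 25, 139, 445, 3306, 3389, 8080, 8443]


def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def audit_exposure(host, required=REQUIRED_PORTS, audit=AUDIT_PORTS, timeout=2.0):
    """Compare what is reachable on host against the intended firewall policy.

    Returns a dict with:
      missing    - required ports that did not answer (agents cannot check in)
      unexpected - audited ports that did answer (firewall rule is too wide)
    """
    ports = sorted(set(required) | set(audit))
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = pool.map(lambda p: is_open(host, p, timeout), ports)
        state = dict(zip(ports, results))
    return {
        "missing": [p for p in sorted(required) if not state[p]],
        "unexpected": [p for p in sorted(audit) if p not in required and state[p]],
    }


if __name__ == "__main__":
    # Placeholder hostname; pass your appliance's public name as the argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "k1000.example.com"
    report = audit_exposure(target)
    for port in report["missing"]:
        print(f"MISSING    {port}/tcp ({REQUIRED_PORTS[port]}) not reachable")
    for port in report["unexpected"]:
        print(f"UNEXPECTED {port}/tcp answers from outside")
    sys.exit(1 if report["missing"] or report["unexpected"] else 0)
```

A non-zero exit status means the firewall rules and the intended policy disagree, so the script can run as a scheduled check from an external host.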
Whenever I follow this page, I run into an error on the last step when creating the CSR file.
How do I configure my KBOX to support SSL?
http://www.kace.com/support/kb/index.php?action=artikel&cat=1&id=604&artlang=en
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Unable to load config info from /usr/local/ssl/openssl.cnf
I'm running OpenSSL in Windows on an x86 Windows 7 machine. I have no clue what to do here...
Comments:
-
That is not a Windows path, you have a command switch error
http://irwinj.blogspot.com/2008/11/unable-to-load-config-info-from.html
http://stackoverflow.com/questions/7360602/openssl-error-in-reading-openssl-conf-file - SMal.tmcc 11 years ago