Can anyone give me a brief overview of any steps/hurdles involved in opening up the K1000 and K2000 to be able to access from outside the LAN?

I'm assuming this would allow the following:

- Website access from home
- Machines check in to K1000 off-site

Here are the questions I have:

- Do we need to open up certain ports to get the agent working properly from outside?
- Will scripts/managed installs still work? What about if we use Replication boxes? Will they need certain ports open to send outside the building as well?
- Anything else I should know?

Our VPN is horrible, and I can't connect to the KACE boxes while outside of work unless I remote into my desktop at work via TeamViewer or another program, which is laggy.

 

Thanks! 

Community Chosen Answer

4

You would have to put them in your DMZ and enable SSL.  Once provisioned, the K1000 agents would only need HTTP/HTTPS access and to be able to access port 52230 for the AMP connection.  I'm less familiar with putting the K2000 in the DMZ, but if they are linked, you should be able to connect to the K2000 from the K1000 interface.

Public Internet KBOX SSL Setup
https://downloads.kace.com/support/downloads/faq/PublicInternetKBOXSSLSetup.pdf

Precautions before Implementing SSL
http://www.kace.com/support/kb/index.php?action=artikel&cat=6&id=833&artlang=en

How do I configure my KBOX to support SSL?
http://www.kace.com/support/kb/index.php?action=artikel&cat=1&id=604&artlang=en

How do I configure LDAPS (Secure LDAP) for my KBOX?
http://www.kace.com/support/kb/index.php?action=artikel&cat=55&id=592&artlang=en

Which network ports does the KACE K1000 appliance require to function?
http://www.kace.com/support/kb/index.php?action=artikel&cat=1&id=589&artlang=en

Answered 01/16/2013 by: jknox
Red Belt

  • Thanks for the quick info. I will relay this to our network team to get started on this!
    • I forgot to mention you can enable SSL for the AMP connection and I would recommend that as well.
      • Thanks. This is a setting in the KBOX admin section somewhere, right?

        In regards to open ports for managed installs/scripts, if we have each of our 20 locations set up with a replication machine, and no fallback to the main K1000, will they not work? Will we need to open 443 and 52230 on each of the 20 machines to be able to push out things via replication boxes?
  • We opened the K1000 only to outside, did not see need for 2000. This now lets the laptops check in from home and allows us to push critical updates to them.

    It also gives you a chance to reach a laptop if it gets stolen and someone brings it up on the net.
    • We opened ports 443 and 52230
      • Thanks for the info. I got tired of using TeamViewer to remote into work, and after going to Konference this year, it seems like more and more people are enabling access from outside the district.

        Are you using LDAPS?
  • Yes

Answers

0

Thanks for everyone's help! Got it working and it's MUCH better =)

Answered 01/18/2013 by: sfigg
Red Belt

0

Whenever I follow this page, I run into an error on the last step when creating the CSR file.

How do I configure my KBOX to support SSL?
http://www.kace.com/support/kb/index.php?action=artikel&cat=1&id=604&artlang=en

 

WARNING: can't open config file: /usr/local/ssl/openssl.cnf

Unable to load config infro from /usr/local/ssl/openssl.cnf

 

I'm running OpenSSL in Windows on an x86 Windows 7 machine. I have no clue what to do here...

Answered 01/16/2013 by: sfigg
Red Belt

  • That is not a Windows path, you have a command switch error.
    http://irwinj.blogspot.com/2008/11/unable-to-load-config-info-from.html
    http://stackoverflow.com/questions/7360602/openssl-error-in-reading-openssl-conf-file
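
An added example, not part of the original thread or the KACE KB article: the warning above appears when a Windows OpenSSL build falls back to its compiled-in default config path, and passing `-config` (or setting `OPENSSL_CONF`) gives it a file that exists. The working folder, file names and host name `kbox.example.org` are placeholders, and `openssl.exe` is assumed to be on the PATH.

```powershell
# Added example: folder, file names and host name are placeholders.
$work = Join-Path $env:USERPROFILE 'kbox-csr'
New-Item -ItemType Directory -Force -Path $work | Out-Null
$cnf = Join-Path $work 'openssl.cnf'
$key = Join-Path $work 'kbox.key'
$csr = Join-Path $work 'kbox.csr'

# Minimal request config written locally, so the CSR does not depend on
# whatever config file the OpenSSL build expects at /usr/local/ssl.
@'
[ req ]
default_bits       = 2048
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = kbox.example.org

[ v3_req ]
subjectAltName = DNS:kbox.example.org
'@ | Set-Content -Path $cnf -Encoding ASCII

# Either setting is enough on its own; both are shown.
$env:OPENSSL_CONF = $cnf

# -nodes leaves the private key unencrypted on disk: restrict access to
# $work and remove the key from the workstation once it is installed.
openssl req -new -newkey rsa:2048 -nodes -sha256 `
    -config $cnf `
    -keyout $key `
    -out $csr
if ($LASTEXITCODE -ne 0) { throw 'openssl req failed' }

# Check the request's self-signature and review subject and SAN
# before submitting the CSR to the certificate authority.
openssl req -in $csr -noout -verify -text
```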