We have some users who are not part of Company domain and are remote. What is the best method of installing KACE agent on these machines (Windows 7)? In order for these users to be able to connect to KACE box, what settings are required on KACE box? i.e. how KACE should be configured so that these users can connect to KACE? Thanks much.

Answer Summary:
You will definitely want to use a VPN connection, or SSL on the agent for the remote users. If you are not using a VPN, you will have to place your KBOX in a DMZ with an address that can connect to the internet, and I recommend you discuss the security rammifications with support. You will need administrative access to the remote machines. You can allow unknown email addresses into the helpdesk, but if you are putting it in the DMZ, you are going to need to be concious of spam. You also will have to enter these users manually in the system rather than pulling them from Active Directory unless you create something like an AD LDS instance for the external users. Creating RSAs may help to provide better access if you can place them closer to the users than your main installation. The administrator guide should be a good resource as well.
Cancel
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

1

  I prefer not to let external users into the KACE, but you may have very good reasons to do so.  I would look very seriously at the security implications.  You may find you want to create two ORGs to do this.  ORGs are the only hard security barrier in the KACE.

  You will definitely want to use a VPN connection, or SSL on the agent, for the remote users.  To the best of my knowledge, SSL on agent communications is an all or nothing feature; you will be using it for all agents, and for the web interface.  If you are not using a VPN, you will have to place your KBOX in a DMZ with an address that can connect to the internet, and I recommend you discuss the security rammifications with support.

  You may have some interesting difficulties managing the machines if they are not part of the domain because you will need administrative access to their machines.

  You will also have some considerations in how to manage them in the helpdesk if they have email addresses that are not part of your domain.  You can allow unknown email addresses into the helpdesk, but if you are putting it in the DMZ, you are going to need to be concious of spam.  You also will have to enter these users manually in the system rather than pulling them from Active Directory unless you create something like an AD LDS instance for the external users.

  This isn't extremely difficult to do, it just takes careful planning before you start implementing.  I hope this gives you a good start!

Answered 05/11/2012 by: philologist
Red Belt

  • This content is currently hidden from public view.
Please log in to comment

Answers

0

The administrator guide includes relevant information on configuring the KBOX to allow access from outside of your network. I would suggest you read those sections. 

Answered 05/16/2012 by: chucksteel
Red Belt

  • This content is currently hidden from public view.
Please log in to comment
0

Creating KBox Replica Servers would also help in managing remote locations.

Answered 05/25/2012 by: ninjamasterpro
Blue Belt

  • Thanks. We will be settting up the replica Servers when we start with Image deployment.
  • Creating replica servers will help if you can place them near the remote users. It sounds like these are external users, and it isn't a situation like a remote office where you can place an RSA on a remote network segment of your own corporate network.
Please log in to comment
Answer this question or Comment on this question for clarity

Share