Drawback in using Kace public ip????????
What are the drawback in using Kace public ip in amp.conf file, we have some users in office who doesnt connect to office network,
we can access Kace using Public and private ip, all the computers are configured with private ip,when users are out of office,machines are not
able to update for long time, pls let me know if there is any drawbacks in using public ip in amp.conf so that end user machines could update itself
when connected from other networks(Public)
Please log in to answer
Posted by: StockTrader 5 years ago
there are no drawbacks using a public IP and so publishing your KACE appliance on Internet but I'd recommend to use a SSL certificate at this point.
Please do not use the self signed certificate but buy a certificate issued by a known, trusted CA. (Verisign, GoDaddy, etc..)
If you already have a wildcard certificate (e.g.: *.mydomain.com) you can use it as well for your KACE appliances.
Marco - StockTrader
Posted by: nshah 5 years ago
From a Security side, if there are any vulnerabilities, like the SSL Poodle or with the FreeBSD, you would be exposing your KBOX to those issues and would have to wait for kace to provide a fix. They usually recommend pulling it behind your firewall if that ever happens. It is far and few in between that it would happen but just something to be aware of. Outside of that, as StockTrader mentioned, SSL is good.
I always recommend though to keep the KBOX behind your firewall and NAT the traffic through so you won't have to worry about exposing the KBOX In the DMZ or anything. Just installed the agents with a public DNS name and let it resolve into your network and open only the ports the KBOX needs.
Posted by: rahimpal 5 years ago