Field-based laptops - what do others do re: ERAS/ERAC?

Discussion in 'Other ESET Home Products' started by jimwillsher, Aug 12, 2010.

Thread Status:
Not open for further replies.
  1. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Hi all,

    At present all our client machines are configured to contact the ERAS via it's NETBIOS name (TCSERVER). This means they only contact the server when they are back in the office.

    Increasingly, some users are spending longer and longer out of the office, so the ERAC/ERAS is outdated for longer and longer.

    Is there a general concensus on what others do? Do most people here configure the clients to connect to the external DNS name, and open port 2222 on their external firewall? Or 2222 and others? Or do most people use the NETBIOS name and just accept that only computers in the office can contact the ERAS.

    Many thanks for your thoughts.




    Jim
     
  2. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    I typically just ignore the laptops when they are on the field. I really dont care the "last time connected to ERA" server. As long as when they are in the office, the DAT is up-to-date, and the laptops are configured to use ESET mirrors as a fallback update solution.
     
  3. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    ok many thanks. We're not using update mirrors since we're split across multiple sites with low user-counts at each site (so no concerns over bandwidth). So I guess the only benefit we'd get would be to see which clients are updating or not updating.

    Cheers,



    Jim
     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    All clients are configured to point to the server's FQDN. The firewall is opened on port 2222 for client reporting from the internet to the management console with a password set. Laptops are assigned the a policy that gives them a dual-update profile. The default update source is our mirror, but the firewall blocks that so it falls back to Eset's servers for the update source. If Eset's servers are having problems, which has happened in the past, we open our firewall up temporarily on 2221.
     
  5. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Many thanks folks, for the feedback.

    What I've settled on is this:

    Update server - have the NETBIOS name in the first entry, connecting on 2222, and the FQDN in the second entry using a different (much higher) port number

    and

    just use a single update profile, getting updates from ESET. For our setup I couldn't justify the local mirror / dual profile stuff.

    Cheers,



    Jim
     
  6. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    I think you can use either a netbios or FQDN and point it all towards the same port destination. It's not like this is being transported over SSL where it will throw an error about the mismatch.
     
  7. Jahntassa

    Jahntassa Registered Member

    Joined:
    Sep 3, 2010
    Posts:
    2
    It does not.

    I have a split-dns setup, all the servers use the internal (actual) name of the server. Teleworker devices and laptops use an external FQDN to port 2222.
     
Thread Status:
Not open for further replies.