Field-based laptops - what do others do re: ERAS/ERAC?

Hi all,

At present all our client machines are configured to contact the ERAS via it's NETBIOS name (TCSERVER). This means they only contact the server when they are back in the office.

Increasingly, some users are spending longer and longer out of the office, so the ERAC/ERAS is outdated for longer and longer.

Is there a general concensus on what others do? Do most people here configure the clients to connect to the external DNS name, and open port 2222 on their external firewall? Or 2222 and others? Or do most people use the NETBIOS name and just accept that only computers in the office can contact the ERAS.

Many thanks for your thoughts.




Jim

 

I typically just ignore the laptops when they are on the field. I really dont care the "last time connected to ERA" server. As long as when they are in the office, the DAT is up-to-date, and the laptops are configured to use ESET mirrors as a fallback update solution.

 

ok many thanks. We're not using update mirrors since we're split across multiple sites with low user-counts at each site (so no concerns over bandwidth). So I guess the only benefit we'd get would be to see which clients are updating or not updating.

Cheers,



Jim

 

All clients are configured to point to the server's FQDN. The firewall is opened on port 2222 for client reporting from the internet to the management console with a password set. Laptops are assigned the a policy that gives them a dual-update profile. The default update source is our mirror, but the firewall blocks that so it falls back to Eset's servers for the update source. If Eset's servers are having problems, which has happened in the past, we open our firewall up temporarily on 2221.

 

Many thanks folks, for the feedback.

What I've settled on is this:

Update server - have the NETBIOS name in the first entry, connecting on 2222, and the FQDN in the second entry using a different (much higher) port number

and

just use a single update profile, getting updates from ESET. For our setup I couldn't justify the local mirror / dual profile stuff.

Cheers,



Jim

 

I think you can use either a netbios or FQDN and point it all towards the same port destination. It's not like this is being transported over SSL where it will throw an error about the mismatch.

 

It does not.

I have a split-dns setup, all the servers use the internal (actual) name of the server. Teleworker devices and laptops use an external FQDN to port 2222.