Internet facing RA server

Hello all first post here.

I've done a search and have not found a tutorial or "best practices" guide to this.

Basically I want to setup a RA server that my clients will report back to no matter where they are.

I service multiple client networks and would like to be able to see all of my client computers in one place and be able to initiate scans, config changes, etc.

I do not wish to use the RA server as an update server.

Does anyone have a sample config I could look at or have a link to a guide for this?

Thanks in advance.

 

All you really need to do in that situation is make sure your RAS runs in an isolated DMZ, that you only expose TCP port 2222 to it, and disable unauthenticated client access on the RAS security tab. Make sure the password the clients get for console access matches up to the client password you set on the RAS and you will be all set.

 

Thanks for the reply.

1 Other question. I'll be managing multiple different clients (customers) how does that affect licensing?

 

Each RAS has its own pool of licenses and you can't really break that up to say "these clients use this license pool and these other ones use these ones". You can do client grouping within the RAS to help keep them sorted. I see two ways of doing this: Either you personally buy one big set of licenses and personally keep track how many each client is entitled to and bill/cap them accordingly, or you use something like ESXi on the host to run multiple operating systems each with their own RAS installed and a seperate license pool for each client. Then each client gets their own license and if they hit their cap then it is their own problem and it won't interrupt other customers.