Client Management Suite

Hey all, I am trying to set up an option that would allow our laptop users to patch while connected to the internet but NOT connected to the VPN. I know that one of the recommended options is to put the NS on a DMZ and use SSL, however based on our network architecture here that simply isn't an option for me. Is there any way using Site Servers to create a DMZ'ed Site Server that would allow me to patch laptops across the internet while they are not in the office? I have actually done this with our old patching product and it worked very well. I used a feature in that product called "Fast Path Server" wherin thier version of Site Servers could be placed on a list and assigned via policy to any group of clients you specified. This included the ability to assign an IP or a URL as a "Site Server". The client would then run through the list and see which server was "closest" and then use that one for patching. If the client was not on our internal network, only the Public IP of the one "Site Server" would respond and it would use that one. Is there a similar option in Altiris 7? EDIT: I noticed that under the "Altiris Agent Settings - Targeted" section there is an option for "Alternate URL for accessing NS" Can this be pointed at a Site Server, or does it HAVE to be a full NS? If it can be a Site Server then that solves my problem altogether.

There is no way to leverage Site Servers as a "DMZ'd NS".  The Site Servers do not have enough intelligence to accomplish this.  The "Alternate URL for accessing NS" will not accomplish this either.  This setting is meant for replacing the current way your clients communicate with the NS with something else.  For example, by default, the NS agent communicates with the NS via hostname.  If you would like them to communicate with the actual IP of the server instead, you would use this option.

Now, don't give up hope just yet!  :)

We are working on a feature that will allow the clients outside your network to securely communicate with an NS that is NOT DMZ'd.  As we get closer to the next release we should have some more details for you.

That's dissapopinting to hear, but I'm gratified to know that you are working on a solution.

Incidentally, have you considered simply adding a "proxy round robin" system (like the one I described in my first post) to the client?  If it's a setting you can add in the Altiris client settings, then you don't need to get overly complicated with the NS and involve any kind of network trickery.  You might need to add an update to the site servers to allow for encrypted communication, but other than that it could be a very simple setup indeed.

In the meantime we can't patch our mobile users, so I hope that a quick fix is incoming.  I'm not looking forward to telling my boss.

Yes, interesting concept indeed.  I'll pass it along to the appropriate Product Manager - I'll let you know if we have any further questions.

Thanks!

p.s. Feel free to submit this as an Idea as well (using the Ideas tab above) so you can get additional community support (and Connect points)!