Hello,
Our organization places contractors off-site with equipment provided by us. Usually these contractors are stationed at the client's site, but sometimes they are also at home. We need to be able to perform inventory on these machines and manage them, as the contractors rarely ever come onsite. It is also common that the computer they are using is NOT joined to our domain. The computer is for all intents and purposes at the mercy of the client's own IT management; however, we NEED to be able to inventory these computers because we provide the software, among other reasons.
I have not been able to find much documentation on managing offsite/remote Altiris agents. I understand how to expose the NS and DS servers publicly, but I am concerned about security… primarily agent authentication. I don’t want any agent not authenticated to be able to interact with the NS server, such as posting inventory data.
1. Is there a URL, KB Article, or PDF that explains how this is accomplished?
2. What authentication methods are available to the DS and NS that disallow unauthorized registration/communication of an Altiris Agent on our servers? I know that System Center Configuration Manager uses client certificates as an authentication mechanism for managing public/offsite/remote clients. We don’t have a PKI, but I would be content with a Username/Password/SSL combo.
3. Is it recommended that we only expose NS to our DMZ, or can we also do this with the DS safely? I don’t think the DS uses SSL, so this makes me nervous.
I want to be able to accomplish this with Altiris, but the way I see it, there are some security risks regarding authentication of agents, and I need to know how this is handled, or if it is even recommended.
As always, any help is greatly appreciated!