
Message Router/Relay

I'm hoping someone out there can help me untangle my brain on Message Routers and Relays.

(Question 1 - are Routers and Relays the same thing?  What's the difference?)

I have a case where I need to set up another update manager.  We would like all traffic for the endpoints assigned to that location to go through that Update manager and not directly to the server with the Enterprise console on it.

Getting the updates to pull from the new Update Manager is easy enough - I followed the instructions from the documentation on adding a new UM and all is well.  After I created a new Update policy to point to the new UM, updates were being pulled from the new UM.  Great!

But, it appears that the RMS traffic is heading right back to our main server.  After some reading, I figure I need to make that UM a Message Relay as well.  I used this KB article to edit the mrinit.conf, use ConfigCID.exe, etc. without errors or problems.  

BUT - one bit of confusion.  The doc isn't clear WHICH server you should edit and run ConfigCID on - The server with the Console or the new Update Manager server.  I figured I should run this on the master server with the Console, but I didn't see the new mrinit.conf file propagate down.

So, Which server do I update?

Also - if I make the change for a client to point to this new server for updates, will it also use it for Message Routing/relaying?  OR would I need to reprotect for that?

(Thanks in Advance)

  • Hi,

    In the Sophos Remote Management System (RMS) world a "Message Router" or just "Router" is the name given for the RouterNT.exe process or "Sophos Message Router" service.

    A "Message Relay" or "Message Relay Router", is a router which is configured to relay messages.  So you can have:

    [SEC+Router] <-> [Message Relay] <-> [Client+Router]

    or even:

    [SEC+Router] <-> [Message Relay] <-> [Message Relay] <-> [Message Relay] <-> [Client+Router]
    if you want to go mad.

    What turns a regular router into a relay is really down to its configuration.  Mainly due to its ability to handle more traffic.

    A Router is turned into a relay due to the configuration with mrinit.conf as per: http://www.sophos.com/en-us/support/knowledgebase/14635.aspx.

    So essentially wherever the router gets its updating from (CID\Distribution point) should be configured with a custom mrinit.conf.

    So there are a couple of ways to set this up but this is the most common:

    1. Install SEC (Server A)

    2. Install SUM (Server B)  (Usually just run the setup.exe from the SUMInstallSet share)

    3. Get the SUM at Server B to create its local distribution points (configure subscriptions etc) by configuring them in SEC once the computer appears in SEC.

    4. Deploy the endpoint software on Server B  from the local CID.

    At this point the SUM at Server B is just a regular RMS client reporting into Server A directly.  To turn it into a relay you would edit the distribution point Server B is using. i.e. copy the mrinit.conf file from the root of the distribution point and copy it into the "rms" sub directory.  You then edit the file, specifying the addresses of Server B as the "ParentRouterAddress" value.  Save the file, and then run configCID.exe against this location in order to update the catalog file in the CID, so the client(s) will pull down the change.  You need to run configCID.exe on the management server machine in the later version of SUM.  If it's not possible to address the distribution point on server B from server A http://www.sophos.com/en-us/support/knowledgebase/13112.aspx has a workaround of copying a registry key over.

    5.  On the next update on Server B, AutoUpdate will see the new mrinit.conf, pull it down as part of the RMS package, RMS will then re-install on the machine, clientmrinit.exe will run, see that the parentRouterAddress is "this" machine and convert it to a relay.  You can confirm this has happened by checking the registry keys are as those in the 14635 article.  E.g. ConnectionCache has gone from a client value of 10 to 20512.

    6.  All clients at the site of Server B should also update from the same distribution point (or another configured with mrinit.conf in the same way). Evidence that they are configured is they will point at ServerB as their "parentaddress" (HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router\).

    Hope it helps.

    Regards,

    Jak
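
The registry checks from steps 5 and 6 of the reply above can be scripted and run on Server B or on an endpoint. This is an added example, not part of the original reply and not Sophos tooling; the `$ExpectedParent` parameter is hypothetical, and searching the whole "Messaging System" subtree for the two value names is an assumption.

```powershell
# Added example, not Sophos tooling. Value names and the Router key path come
# from the reply above; searching the whole "Messaging System" subtree is an
# assumption so the script does not depend on which subkey holds each value.
param(
    # Hypothetical parameter: name or address of the relay (Server B).
    [string]$ExpectedParent = 'ServerB'
)

$roots = @('HKLM:\SOFTWARE\Sophos\Messaging System',
           'HKLM:\SOFTWARE\Wow6432Node\Sophos\Messaging System') |
    Where-Object { Test-Path $_ }
if (-not $roots) {
    Write-Warning 'Sophos Messaging System key not found; is RMS installed?'
    return
}

$wanted = 'ParentAddress', 'ConnectionCache'
$found = foreach ($root in $roots) {
    # The root key itself plus every subkey beneath it.
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            if ($wanted -contains $name) {      # -contains ignores case
                [pscustomobject]@{ Key = $key.Name; Name = $name; Value = $key.GetValue($name) }
            }
        }
    }
}
$found | Format-Table -AutoSize | Out-String | Write-Host

foreach ($item in $found) {
    switch ($item.Name) {
        'ParentAddress' {
            # The value may list several addresses, so test for a substring.
            $ok = "$($item.Value)" -match [regex]::Escape($ExpectedParent)
            Write-Host ("Parent {0} expected relay '{1}'" -f $(if ($ok) {'matches'} else {'does NOT match'}), $ExpectedParent)
        }
        'ConnectionCache' {
            # 10 = client and 20512 = relay are the figures quoted in the reply.
            $role = if ($item.Value -eq 20512) {'relay'} elseif ($item.Value -eq 10) {'client'} else {'unrecognised'}
            Write-Host "ConnectionCache = $($item.Value) ($role)"
        }
    }
}
```

An endpoint that still reports a parent other than Server B has not yet picked up the modified mrinit.conf from its distribution point.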
