This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Questions regarding the Relay Message Computer(s)

Hi,

I have been reading about Relay Message Computers.

I have some questions about it as I didn't fully understand everything.

When you are creating your new distibution location, is this location a location on the SEC? Or is this location on the intended Relay Message Computer/Server?

Does the Relay Message Computer need to be in the list of Update Managers? And if it does, I would assume we would create our new distrubution point on this Update Manager. From what I understand, the Relay Message Computer should not be listed as a Update Manager.

When you create your new update policy, do you point directly at the new distribution point under the "Address" field? On our current SEC we have S000 through to S005, but under the update policy we just have \\<servername>\SophosUpdate. Based on what you subscribe to the server knows which folder to push the updates from. How does this work for the Relay Message Computer?

Sorry if these questions aren't clear. I'm just trying to get a better understanding of how this is supposed to work.

Thank you

This thread was automatically locked due to age.

Parents

0 jak over 12 years ago

Hi,
You essentially need a CID (\\[Server1]\SophosUpdate\CIDs\Sxxx\[package name]) that the relay computer and client computers (you intend to message via the relay) update from. There are a few different ways of doing it which I suppose leads to confusion.
You don't have to make the relay a SUM server but it probably makes some sense. To do so:
Install an additional SUM on the "relay" computer. You can run the setup.exe from the SUM install share on the SEC server to do this. The SUM becomes managed in SEC. Subscribe it to the necessary subscriptions etc and wait for it to create the local CIDs.
Then you go into the local CIDs on the relay, e.g. SAVSCFXP, copying the mrinit.conf in the root of the CID into the rms sub directory. It's a copy rather than a move.
You edit this new ...\SAVSCFXP\rms\mrinit.conf" file to replace the original IP, FQDN, NetBIOS name with the IP, FQDN and NetBIOS name of the relay computer but you only do this for the ParentRouterAddress line not both entries that references the addresses. You then run configcid against the CID to add the custom mrinit.conf to the cidsync.upd file.
To do so, from the SEC Server run:
Configcid.exe \\[newsumaddress]\sophosupdate\CIDS\Sxxx\SAVSCFXP\
(ConfigCID is in \program files\sophos\Update manager\)
You can see it mention mrinit.conf has been added to the checksum.
Then run setup.exe from this CID on the relay computer to install SAV on the computer, when it gets to the RMS package it will detect that this is to be the relay and configure it accordingly. I.e. Changes registry keys as mentioned at the bottom of http://www.sophos.com/en-us/support/knowledgebase/14635.aspx. I.e the connectioncache value will have increased from the 10 that a client is configured to be.
The computers in SEC should be in a group which has the updating policy set to this CID/subscription combination.
All clients that you expect to message through this relay should then be bootstrapped from the same CID. They could be configured to update from a different location configured the same way but it's unlikely you will want to do that. All the clients would be in a group which links to an updating policy that references this same CID as the relay.
Regards,
Jak
:36757
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jak over 12 years ago

Hi,
You essentially need a CID (\\[Server1]\SophosUpdate\CIDs\Sxxx\[package name]) that the relay computer and client computers (you intend to message via the relay) update from. There are a few different ways of doing it which I suppose leads to confusion.
You don't have to make the relay a SUM server but it probably makes some sense. To do so:
Install an additional SUM on the "relay" computer. You can run the setup.exe from the SUM install share on the SEC server to do this. The SUM becomes managed in SEC. Subscribe it to the necessary subscriptions etc and wait for it to create the local CIDs.
Then you go into the local CIDs on the relay, e.g. SAVSCFXP, copying the mrinit.conf in the root of the CID into the rms sub directory. It's a copy rather than a move.
You edit this new ...\SAVSCFXP\rms\mrinit.conf" file to replace the original IP, FQDN, NetBIOS name with the IP, FQDN and NetBIOS name of the relay computer but you only do this for the ParentRouterAddress line not both entries that references the addresses. You then run configcid against the CID to add the custom mrinit.conf to the cidsync.upd file.
To do so, from the SEC Server run:
Configcid.exe \\[newsumaddress]\sophosupdate\CIDS\Sxxx\SAVSCFXP\
(ConfigCID is in \program files\sophos\Update manager\)
You can see it mention mrinit.conf has been added to the checksum.
Then run setup.exe from this CID on the relay computer to install SAV on the computer, when it gets to the RMS package it will detect that this is to be the relay and configure it accordingly. I.e. Changes registry keys as mentioned at the bottom of http://www.sophos.com/en-us/support/knowledgebase/14635.aspx. I.e the connectioncache value will have increased from the 10 that a client is configured to be.
The computers in SEC should be in a group which has the updating policy set to this CID/subscription combination.
All clients that you expect to message through this relay should then be bootstrapped from the same CID. They could be configured to update from a different location configured the same way but it's unlikely you will want to do that. All the clients would be in a group which links to an updating policy that references this same CID as the relay.
Regards,
Jak
:36757
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data