Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 1634 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificates

tedz

Hello,

I'm wondering on how to do a same certificates on Enterprise Console in all branches, in our company almost 20+ branches. Tha main Console is windows server 2008 r2 64bit and other windows server 2003 sp2 and every branch must have a console with they same certificate in the main server.

I appreciate your help.

tedz

:22517


This thread was automatically locked due to age.
Parents
  • 0

    Hello tedz,

    you should consider just installing update servers in the branches, not full Consoles. While your license allows the installation of more consoles, it is bad practice because you can not monitor and configure the devices on a corporate level. If you install EC 5.0 just once and install just the Sophos Update Manager in the branches, you can do central management.

    The Sophos terminology is somewhat misleading - the Sophos Enterprise Console is actually a management service with an SQL database to store rules and client data. The management GUI can be installed separately.

    My suggestion is:

    1 installation of EC 5.0 in the headquarter

    20 SUM-installations in the branches - the SUM is not a download from sophos, it is a subset package that lies on the EC-server after installation. Just copy this much smaller installation ressource to your branch servers and install it there. These SUMs will all communicate with the EC, and they get their configuration from the SEC.

    An additional step would be to assign each SUM-server as a message router, channeling the management communication over this machine. All status data is aggregated on the EC in the headquarter. This is required for large-scale deployments, as each client holds a TCP-connection to its message router. Having a message router in some or all branches reduces the workload on the EC-server.

    If you have IT-staff in each branch, you can install the management GUI for each of them. They can have corporation-wide access or just access to their assigned devices.

    Best regards,

    Detlev

    :22631
Reply
  • 0

    Hello tedz,

    you should consider just installing update servers in the branches, not full Consoles. While your license allows the installation of more consoles, it is bad practice because you can not monitor and configure the devices on a corporate level. If you install EC 5.0 just once and install just the Sophos Update Manager in the branches, you can do central management.

    The Sophos terminology is somewhat misleading - the Sophos Enterprise Console is actually a management service with an SQL database to store rules and client data. The management GUI can be installed separately.

    My suggestion is:

    1 installation of EC 5.0 in the headquarter

    20 SUM-installations in the branches - the SUM is not a download from sophos, it is a subset package that lies on the EC-server after installation. Just copy this much smaller installation ressource to your branch servers and install it there. These SUMs will all communicate with the EC, and they get their configuration from the SEC.

    An additional step would be to assign each SUM-server as a message router, channeling the management communication over this machine. All status data is aggregated on the EC in the headquarter. This is required for large-scale deployments, as each client holds a TCP-connection to its message router. Having a message router in some or all branches reduces the workload on the EC-server.

    If you have IT-staff in each branch, you can install the management GUI for each of them. They can have corporation-wide access or just access to their assigned devices.

    Best regards,

    Detlev

    :22631
Children
No Data