Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1243 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos for home use

nduda78

So i was reading the KB's and EULA for providing Sophos for employees to use at home. Basically what I got out of it was that we need to provide a packaged version of Sophos that uses an update server that we host. I understand this and like it because if the employee leaves the company the AV will stop updating, and if they dont have the EM credentials they cant update directly from Sophos.

My question is what is the best practice for a global pressence? I'd rather not have public web servers all over the globe with different packges for each. for example, Im in Boston, and we have an office in Australia. I'd rather not have the home user in Australia updating against a server here in Boston.

:20153


This thread was automatically locked due to age.
  • 0
    A WebCID is just an update location accessible with the HTTP protocol. An installation package is similar to the standalone version and more or less a convenience - you can pre-define quite a lot or almost nothing at all. If you configure your WebCIDs so that they can only be accessed with a valid employee account you could build a "Boston" and an "Australia" package with the respective nearest location predefined. Users would have to enter their credentials (thus the preconfigured policy would have to allow local configuration). This assumes your webservers/WebCIDs are more or less public. VPN is one way not to expose the webservers, using a proxy is another.
    It depends on numbers of users, the ressources you have available and the level of service and security you want to achieve.

    Christian
    :20161
  • 0

    Right, I understand all this. I should have been more clear.

    First off, am I correct in saying that the only approved method, according to EULA, for home Sophos users is to update against a WebCID that the company publishes. We are not permitted to give out the EM credentials for users to update against Sophos directly? I prefer they update against us.

    I would also want it public, through a proxy we run, rather than VPN so they can always have the latest updates.

    If its IIS, I imagine I would set the users credentials on the WebCID so each employee would use their own credentials in the Sophos endpoint software, rather than a static username and password.

    :20163
  • 0
    IMO correct, WebCID it is.
    Those home users preferring or wanting Sophos are likely able to enter their credentials. And of course you can't withdraw a static account. Individual credentials don't go together with central management (which, apart from this, would also be possible for home users).

    Christian
    :20165