Hello maeglin,
only the management server/SUM on Windows can provide cross-platform CIDs.
are there instructions for downloading the update data directly
There are two kinds of updates - threat detection data and software updates (including consolidation of threat detection data). The former could be downloaded by Linux but can't be put into the CID, the latter aren't provided in a directly usable format.
I wonder though whether your network is just this Linux server and these isolated endpoints? Have you already installed Sophos on them (the non-Linux ones, then it's likely the standalone/unmanaged version) - and was your idea that they get their updates via the share on the Linux server?
Christian
"Have you already installed Sophos on them (the non-Linux ones, then it's likely the standalone/unmanaged version) - and was your idea that they get their updates via the share on the Linux server?"
This is a new installation, so we have some flexibility; however, there are no Microsoft OS's on the network. I have not installed the management console. Would that help at all? I have only experimented with the CID server install.
The plan was for the clients to get the original install package and future updates from the Linux server CID.
Correct. The idea is to use the Linux server to share the files for the isolated end-points. The easiest thing for me is to SSH+rsync a directory on the Linux server into the isolated network. I can easily write scripts to retrieve any data files and copy them into this shared directory.
I am open to other approaches. Your advice is greatly appreciated.
Hello maeglin,
the management console
requires Windows.
I can easily write scripts to retrieve any data files
You'd need at least a Windows endpoint (or management server/SUM) which can connect to Sophos(*), is able to understand the Warehouse structure and can download and decode the files.
(*) While Using a caching proxy server is written for the Cloud product it might work in a similar fashion for Endpoint as well.
You won't be able to retrieve the Warehouse (or at least the necessary files) from the Sophos CDN and provide it to the endpoints other than with a Windows installation. Looks like we're discouraged from updating (just) the definitions by downloading the latest IDE files (of course in addition regularly installing the latest standalone package to update the engine) as the virus data version on the IDEs page (right now 5.10) lags behind (the current SA package has apparently 5.11 and the subscriptions 5.12).
Christian
It appears that I can use the Linux box on the Internet-side as a proxy server for a UNIX CID server on the private network.
While creating the installation package on the CID server (mkinstpkg) I am given the option to specify a website from which to retrieve updates:
Updating from your own server. Website or directory from which to update? []
Can I specify a proxy server directly here?
Alternatively, I could specify "sophos" for updates, but configure the WPAD statically in the hosts file?
The Sophos AutoUpdate service uses WinHTTP for update requests. WPAD and PAC can thus be used to ensure that updates are downloaded via the proxy server.
www.sophos.com/.../121131.aspx
Do you have any experience, insights or references for a set-up like this? Are there any issues with having the SUM talk through a proxy?
Sincerely
Hello maeglin,
any issues with having the SUM talk through a proxy
so you intend to let one computer connect to the "outside"? Please note that there is no standalone SUM, you'd need to install the management server (please see here for the supported platforms).
WPAD
Should have told you what applies to Endpoint (as opposed to Cloud) and what does not. In Endpoint you can configure a proxy (individually for the Primary and Secondary location) in the updating policy (similarly for a SUM's Source). Guess the Endpoint product (at least its AutoUpdate component) doesn't use WinHTTP.
mkinstpkg ... proxy server
Sorry, no experience, can't say if mkinstpkg will ask for an optional proxy (guess it does and it's easy to find out). Anyway to clarify, the PrimaryUpdateSourcePath (or whatever mkinstpkg calls it) must point to a valid CID (either deployed by SEC or a Linux host) or Sophos. You should be able to specify a proxy (if not with mkinstpkg) with savconfig (or perhaps savsetup). Please note that updates from Sophos have a format and structure which are different from those in a CID.
Christian