Transcription
Client Relay AffiliationPreventing Cross-Site Communication Copyright 2017 The Kroger Co., Confidential1
Ideal Relay setup forLarge/Medium BigFix Arch. Copyright 2017 The Kroger Co., Confidential3
How Named Affiliation Works123-ab001789-xy789 Copyright 2017 The Kroger Co., Confidential(blank)4
How do we map relays AD SiteSet distinct names toIP address rangespecific networks/rolesDHCP DomainWeb ServiceAny consistent/unique string across yourenvironment Copyright 2017 The Kroger Co., Confidential5
Traveling PC Example Copyright 2017 The Kroger Co., Confidential6
Failed Site RelayBy setting distinct Seek Listsfor each relay, you preventthis scenario Copyright 2017 The Kroger Co., Confidential7
" BESClient Register Affiliation SeekList"Update Example (AD Site) Activate Directory Sites & Services is primarilyused to map DC -to- network LANs, but we canuse it for more Copyright 2017 The Kroger Co., Confidential8
SeekList Client Update Triggers “Net Signature” client property AD Site Registry (client registry) -vs- stored ADSite Property Has a valid IP address Copyright 2017 The Kroger Co., Confidential9
SeekList Update Triggers Copyright 2017 The Kroger Co., Confidential10
SeekList Update Action Script Copyright 2017 The Kroger Co., Confidential11
SeekList Update Action ScriptWhen you set up this policy action, be sure to set low retry intervals on failure Copyright 2017 The Kroger Co., Confidential12
AD Site for non-Windows Quest’s QAS command: “vastool info site”outputs AD Site If non-Windows machines are in data centeronly, use a fixlet Copyright 2017 The Kroger Co., Confidential13
Addressing “Failover” Failover is when a client communicates withthe core or failover relays You should have policy actions in place tocheck for and remediate (if possible) Copyright 2017 The Kroger Co., Confidential14
Addressing “Failover” Lower client download speeds if connected tothe “Fail Over” servers Copyright 2017 The Kroger Co., Confidential15
Failover Client Relay Relevance Copyright 2017 The Kroger Co., Confidential16
Failover Client Relay Action Copyright 2017 The Kroger Co., Confidential17
Automatic Relay Configuration New sites come on line and we don’t want tohave to managed them one by one Use the same logic you use to configure theendpoints to configure your relays Copyright 2017 The Kroger Co., Confidential18
Affiliation AdvertisementList Fixlet Copyright 2017 The Kroger Co., Confidential19
Affiliation AdvertisementList Fixlet Copyright 2017 The Kroger Co., Confidential20
Methods NOT to use Ggroup membership to trigger SeekListupdate– Groups don’t update quick enough– Faster to update if you build the logic in Relevance Copyright 2017 The Kroger Co., Confidential21
Affiliation Obstacles Client loop times– Long Loop times prevent SeekList update Content delivery race conditions– Files being downloaded before SeekList/Relay update Action Prioritization– Guaranteed action evaluation times (every X minutes) Should be built into the core client functionality? Copyright 2017 The Kroger Co., Confidential22
Published Fixlets https://bigfix.me/user/masonje Client Seek List– https://bigfix.me/fixlet/details/23802 Set AD Site property– https://bigfix.me/fixlet/details/23805 Contact: jon.mason@kroger.com Copyright 2017 The Kroger Co., Confidential23
Questions Copyright 2017 The Kroger Co., Confidential24
Title: Client Relay Affiliation
