How to connect to beacon(s) from Flexera agent two ways via secure access and via internet
Sometimes it takes a days weeks or months when a client device (laptop) is able to send his inventory because it needs to be connected to internet and have access to a beacon.
In most of the cases the user is connecting through a secure access application from home towards his office environment in the client network. The beacon is also placed in the client network so office users can reach the the beacon and also home users via the secure connection.
But the are also users who not connect via secure access to office environment if it is not needed for their work. This means these devices cannot send it towards the beacon in client network.
I want to solve this and I'm thinking about setting up a second beacon in the DMZ which is reachable via internet access and via a firewall it is connected to the beacon in the client network or the FNMS servers in the server network.
Any idea how it works or how you have solved this ?
Re: How to connect to beacon(s) from Flexera agent two ways via secure access and via internet
Hi Frank,
You need to limit external access to this DMZ Beacon somehow (a firewall, specific external IPs that will access, specific ports). Without that, I really wouldn't open a Windows machine to the internet. Consider using a reverse proxy. If anything, run this only via SSL.
Have you thought about alternatives? Are these clients managed somehow? Can you deploy scripts to them?
Best regards,
Markward
Softline Group is Europe's leading independent expert in Software Asset Management.
Re: How to connect to beacon(s) from Flexera agent two ways via secure access and via internet
Hello Markward,
Yes the clients are managed remote like installing new software, updates, etc.
When working at home it is not really needed to setup a secure connection to the work environment if you don't have to access specific application you need or files on file-servers in the network. I.e webmail, community flexera or other applications can be reachable via internet and do not have the need to make first a secure connection.
Because of this situation I'm looking for a solution for the wish I have mentioned in my post. This to have always an inventory of these devices.
i don't know if my described solution via DMS is the solution. I hope some of you have experience in this and have a best practice solution.
In the mean time I'll ask my technician about your suggestion reverse proxy / SSL.
