Occasional contributor

Internet Public Available Beacon?

Jump to solution

Hey Everyone!

Anyone here already deployed an Internet Public Available Beacon? I ask this as on my trials the policy always update the beacon location from the internet domain to the internal network/domain location. For example: (From beacon.flexera.com.br to beacon.domain.local).

Now, I know that in the cloud version this is perfect fine, but how to do it in the on-premise version?

Thanks!!

1 Solution

Accepted Solutions
Flexera
Flexera

Re: Internet Public Available Beacon?

Jump to solution

I would make the public address the only one available and block via firewall the ability to connect to HTTP (or HTTPS depending on config - but I'd expect HTTPS in the DMZ). This way it's only accepting connections from folks "outside the office" rather than "in the office". 

You will need to configure the "External" DNS entry in the Beacon Config. Instructions for that can be found in our KB here: https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/How-to-configure-the-beacon-to-use-a...

View solution in original post

6 Replies
Flexera
Flexera

Re: Internet Public Available Beacon?

Jump to solution

For On-Premises customers that require a Beacon that is publicly available from the Internet, they install the Beacon within a DMZ.  They then define/allow a path from the Beacon Server into their network back to the Application Server, either directly or through a Parent Beacon.

Occasional contributor

Re: Internet Public Available Beacon?

Jump to solution

Thanks Kclausen!

But a quick question. How do you make the agent connect to the public address of the beacon instead of the internal network one. Every time I change that parameters in the registry, the policy is downloaded and it changes it back making the agents lose the connection with the external beacon.

Flexera
Flexera

Re: Internet Public Available Beacon?

Jump to solution

I would make the public address the only one available and block via firewall the ability to connect to HTTP (or HTTPS depending on config - but I'd expect HTTPS in the DMZ). This way it's only accepting connections from folks "outside the office" rather than "in the office". 

You will need to configure the "External" DNS entry in the Beacon Config. Instructions for that can be found in our KB here: https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/How-to-configure-the-beacon-to-use-a...

View solution in original post

Flexera beginner

Re: Internet Public Available Beacon?

Jump to solution

Klausen,

Where I could find consolidated instructions to well harden a Child Beacon Inventory server at the Internet, in a DMZ?

- To enforce any security controls at the communication level between the Agent and the Internet Child Beacon Inventory server, up to involve an authentication;

- To protect the Internet Child Beacon Inventory server again unauthorized access, malicious access from the Internet, to only allow from the Internet communication from authorized Agent.

- To harden at the maximum the Internet Child Beacon Inventory server (Windows Server, IIS, …)

Thank you.