How to manage roaming users with Endpoint Central?

Description

It is said that around 60% of organizations that faced a cyberattack in the past two years were breached through unpatched vulnerabilities. With the danger of a cyberattack lurking around, it has become mandatory for every organization to patch operating systems and software as soon as updates are released. The need to patch devices intensifies when the updates fix vulnerabilities and need immediate attention. These updates can be applied immediately if the devices are present within the network. But this is not the case when organizations have employees who are constantly on the move between places to get their tasks done, or employees who have opted to work from home.

Such roaming user devices need special attention not just because they are not available in the network, but also because they are connected to non-corporate networks with no firewall to block threats. Some remote users may need to conduct video conferences frequently, and a patch download occupying a significant portion of the bandwidth is most unwelcome in such cases. These are a few of the cases that need to be taken into consideration when it comes to remote user management.

Not to worry: the management of roaming users has been simplified to the extent that a click-and-forget approach can be taken to manage them! Given below are the steps to manage remote users using our product:

Prerequisites:

  1. Ensure that the product server is reachable using a public IP address

    The product server should be reachable via a public IP address. Configure your external router to ensure that any requests sent to this public IP address are directed to the IP address of the computer on which the product server is installed. For example,

    • If your public IP address is x.x.x.x
    • And if you have installed the product server on a computer that has the private IP address y.y.y.y with default communication ports 8020 or 8383 and 8027.

    You should configure your router to direct all requests for x.x.x.x at port 8020 or 8383 and 8027 to y.y.y.y at the respective ports. It is recommended that you make the private IP address (y.y.y.y in the above example) static to ensure uninterrupted communication.

  2. Configure NAT Settings

    Go to Admin tab, open NAT Settings under Server Settings and fill in the public IP of the router (or secure gateway, if configured). It is highly recommended to secure agent-server communication using a secure gateway.
    Note: Map your public and private IP addresses to a common FQDN in your DNS to minimize bandwidth consumption. For example, if your FQDN is "product.server.com", map this to both your public (x.x.x.x) and private (y.y.y.y) IP addresses.
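
To verify both prerequisites from inside the LAN or from a roaming device, the following added example (not part of the product or of the original article) checks that the server FQDN resolves to the kind of address expected at that vantage point and that the listed ports accept connections. It reads "8020 or 8383 and 8027" as one of the first two ports plus 8027, which is an assumption; the function names are illustrative.

```python
import ipaddress
import socket
import sys

# Ports as listed in the prerequisites: 8020 or 8383, and 8027.
WEB_PORTS = (8020, 8383)
EXTRA_PORT = 8027

def resolve(fqdn):
    """Return the sorted IP addresses the FQDN resolves to ([] on failure)."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def dns_matches_vantage(addresses, vantage):
    """Inside the LAN every answer should be private (y.y.y.y); on a
    roaming device none should be, or the agent cannot reach the server."""
    if not addresses:
        return False
    # is_private covers RFC 1918 plus loopback and other non-global ranges.
    private = [ipaddress.ip_address(a).is_private for a in addresses]
    return all(private) if vantage == "internal" else not any(private)

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def agent_path_ok(host, probe=port_open):
    """Require one of the web ports and the extra port (assumed reading)."""
    return any(probe(host, p) for p in WEB_PORTS) and probe(host, EXTRA_PORT)

def report(fqdn, vantage):
    """Summarise the DNS and port checks for one vantage point."""
    addrs = resolve(fqdn)
    return {"addresses": addrs,
            "dns_ok": dns_matches_vantage(addrs, vantage),
            "ports_ok": bool(addrs) and agent_path_ok(fqdn)}

if __name__ == "__main__":
    # Usage: python check_agent_path.py <server FQDN> <internal|roaming>
    print(report(sys.argv[1], sys.argv[2]))
```

Run it once from a machine inside the corporate network with `internal` and once from a roaming device with `roaming`; a `dns_ok` of False on the roaming side means the public DNS answer contains the private address.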

Steps to manage remote users:

  1. Create a Remote Office

    • Select Scope of Management under the Admin tab
    • Navigate to the Remote Offices tab
    • Click on Add Remote Office
    • Specify a name for the remote office. For example, Roaming Users
    • Specify your Public IP address as the server's IP address
    • Select Direct Communication
    • Select the desired Replication Policy or you can choose to Create Policy
    • Note: Set the data transfer rate in the replication policy as needed, e.g., a low data transfer rate could be used if the users connect with mobile data.

    • Check the Proxy Configuration checkbox and fill in the details if there is a proxy in effect
    • Click Add to finish adding the remote office
  2. Install the Remote Office Agent on Roaming Users' Computers

    • Select Scope of Management under the Admin tab
    • Navigate to the Remote Offices tab
    • Download the agent of the remote office that you created
    • Install the agent on the computers of all remote users manually (automated agent installation will not work, as the devices are not connected to the corporate network)

When these roaming users connect to the Internet, the agent installed on their devices will periodically contact the product server to gather information about the available configurations.

Learn about managing users who move between offices