How To: Set Up an Additional Cloud Services Appliance to Distribute Client Connections Between Two or More Appliances

Version 7

     

    Environment

     

    LANDESK Cloud Services Appliance

     

    Problem/Issue/Symptoms

     

    Unable to take remote control through Cloud Services Appliance - Maximum number of connections reached

    While trying to remote control a device via gateway, you may receive the following error message: Failed short session connection to the gateway (10)

     

    Cause

     

    There are more clients connected to the Cloud Services Appliance than the maximum allowed, according to the LANDESK recommendation:
    http://community.landesk.com/support/docs/DOC-30535

     

    Solution

     

    Set up an additional Cloud Services Appliance (from now on CSA) to distribute the client's connections between two (or more) appliances.

     

    There is no difference in implementing a physical or a virtual appliance, or in a running an all physical, an all virtual or a physical/virtual combination of CSAs.

     

    In the presented scenario, the second appliance will be using a different static public ip address than the first appliance.
    The LANDESK Administrator will Configure which devices connects to which CSA.

    Once the second machine has been installed and configured, the first thing to do is adding it to the Core Server from the menu Configure > Manage Could Services Appliances on the core’s Management console.

     

     

    CSA_settings.png

     

     

    In the current scenario, the existing (primary) CSA is called ldcsa43.lab.com, while the new, added one (secondary) is called ldcsa43b.lab.com.

     

    Here is how to configure the core for a Cloud Services Appliance:

    http://help.landesk.com/Topic/Index/ENU/LDMS/9.5/Content/Windows/csa_h_help.htm

     

    Distributing the client connections - the manual, LANDESK Administrator controlled way

     

    In this scenario the LANDESK Administrator manages which client connects to which CSA, setting up a second client connectivity setting and deploying it to the clients are being connected to the new CSA.

     

    What we need are two different settings, one making the managed device pointing to the primary core and the other pointing to the secondary core.

    To do so, let’s add a second connectivity setting from the Management Console, menu Tools > Configuration > Agent settings > Client Connectivity

     

     

    secondary_csa_client_connectivity.png

     

     

    At this point we need to create a policy to deploy the connectivity settings for the managed nodes we want to connect to the secondary CSA, from the same window.

     

     

    change_agent_settings.png

     

     

    Select the option “Create a policy” and in the client connectivity section select the settings pointing to the secondary CSA.

     

     

    create_policy_change_client_connectivity.png

     

     

    At this point a policy is created in the scheduled task window.
    Simply drag and drop the machines you want to connect to the new CSA and start the task to make the policy available to them.
    These clients will download the client connectivity settings next time they run policy.sync, according to their agent configuration (in the LANDESK Agent configuration, section Software distribution > Policy options).


    The change of connectivity is immediate, although a connection to the primary CSA might remain active until the LANDESK Remote Control Service is restarted or the target device is simply rebooted.

     

     

    policy_made_available.png

     

     

    Distributing the client connections - the automated way

     

    In this scenario, the client connectivity settings are changed on the clients using the Adaptive settings feature:

    http://help.landesk.com/Topic/Index/ENU/LDMS/9.5/Content/Windows/security_adaptive_o_overview.htm

     

    Adaptive settings can modify the client connectivity settings (including then which CSA to use to connect to the core) according to the geographic position or a specific ip address range. To implement this solution then, the managed nodes must be aware of their geolocalization or the administrator must be able to separate them using an ip address range.

     

    Here is an example of two different geofence adaptive setting rules associated to a client connectivity setting:

     

     

    adaptive_settings.png

     

    adaptive_settings_western_area.png

     

    adaptive_settings_eastern_area.png