2 Replies Latest reply on Oct 19, 2015 11:09 AM by carlos

    Software Distribution general questions

    carlos Expert

      1. A preferred server can be any machine with a share (read only) correct?

      2. Does it needs to have an agent?

      4. Which account should be used for this share? Since we need to enter the credentials in the preferred server settings, would this be a local account? but wouldn't this credentials be passed creating a security risk?

      3. A replicator is yet another machine that serves just as controller?

      4. The source is the Core (or preferred server where the files will be taken from)?

       

      I appreciate your recommendations.

      Thank you.

        • 1. Re: Software Distribution general questions
          Peter Massa Expert

          1.  It can be, however it should ideally be a fixed IP host that has high availability.  It should also have plenty of free HDD space.  The high availability part is key, if the preferred server is offline too often, clients will black list the host and stop attempting to download files from it.   Which means they may default to a preferred server that is further way, but of higher reliability.


          2.  The preferred server does require a LANDESK agent in order to accept replication commands as a replicator.  It also requires the vulscan technology to be installed as this is what it uses to copy files.  Technically speaking only the Replicator requires having a working agent installed.  But the console does require a inventory record for each preferred server so that it may be assigned for use.  In short - yes all of them require an agent to be on them.


          3.  I would recommend creating two active directory service accounts that will ONLY be used for this service of LANDESK.  The first one should be granted Read Only access to the shares, nothing more.  This account's credentials are shared with clients on the fly when they need to download software from a UNC share or HTTP share.  The LANDESK agent also runs as the SYSTEM account on your end-points which will grant the agent "domain computer" privileges; so many people grant domain computers read only access instead, however HTTP auth will no longer be an option then.  The second account should be granted Full access to the shares.  This is the account that you will enter in as the write access account and will do the actual replication.  This account is never shared with clients so you have no need to be concerned about it being compromised like the Read only account.  Never mix the two accounts; e.g. entering the write access account into the read only section - or this account will be shared to clients.


          4.  The replicator is a preferred server that you have "promoted" into a control role.  It is responsible for looking at the source and the other preferred servers and determining which files need to be transferred it then starts those transfers.


          5.  Correct - the source is the origin point for the files.


          Hope this helps,

          Peter

          • 2. Re: Software Distribution general questions
            carlos Expert

            Peter, THANK YOU for your answer, it is very clear, I was behind of other deployment tasks, I got it to work locally (making my core the preferred server) but haven't been able to get it to work suing another machine.

            I just wanted to mention that I did read your answer, I'm just waiting to roll back to this as soon as I can.

            I'll get back with more specific questions.

            Thank you.

             

            EDIT: This answers the questions I had regarding this topic, Peter answer is GREAT.

            I'll open another discussion with some problems I'm having setting it up.