That is exactly true. The appliance just brokers the connection.
AND the package must reside on an HTTP share that is accessible over the Internet; the appliance plays no role in actually sending the package to the client
Let me clarify this statement a bit more:
1. The package can be on an share accessible local to the agent or over the internet. If you have a remote site with a bunch of computers it can be a share at the remote site or a web share at that remote site and peer download will work between devices on that remote site.
2. The package can be hosted inside your corporate network only if it is on the a Web Share on the Core Server. It cannot reside anywhere else internally but the Core Server.
2. You can play some tricks with this one - may or may not be supported by LANDesk. Create a Virtual UNC on the core server pointing to your package share.
I appreciate all responses I received in response to my question. Bear with me as I rephrase what I have read, just to be sure I understand the requirements of the LDMG appliance. If the client is on a different network such that it cannot access shares on the Core Server, then an externally accessible web share is the only way to make the software packages accessible to the client. (I suppose an MDR could have tow NICs, so it can access the Core Server share, but this would defeat the purpose of using the LDMG.)
Since I am not an expert on IIS, I would then wonder if permissions may be set on a web share such that only computers from certain IP ranges may acces it. Does anyone know if this is an option?
High Plains Library District
Yes, IIS can be configured to only allow traffic from certain subnets.
Right click on the default web site and go to the Directory Security tab and click on Edit under IP address and Domain name restrictions.
Now you have to be careful and look at the IIS log. I am not sure if the IP Address of the remote client is used or if it is the IP Address of the Gateway, or even a local host request from the Core Server. A quick connection from a remote device and a look at the IIS log will tell you what IP Address is being used. I dont' have the gateway turned on (vmware shutdown) or I woudl test.