cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
robg3381
Level 9
Report Inappropriate Content
Message 1 of 6
‎11-04-2019 02:09 PM

EPO OnPrem & AWS Conflicts

We have ePO 5.10 on-Prem and we have a newer acquired company that has a presence in AWS.  We've been tasked with integrating those instances into our on-Prem EPO.  Network connectivity is already there, etc.  We have also found out there are some IP conflicts with same IP in AWS and internal which could create some communication issues.  I've been debating whether or not this setup could be architected better by either putting a separate EPO in AWS and letting all of AWS report to that EPO and just have them be registered servers of each other.  Or...putting a RelayServer there.  I'm not sure what might be best practice in kind of a situation. 

 

Note - we are not licensed for any of the Cloud Workflow products.

0 Kudos
Reply
5 Replies
cdinet
Employee
Employee
Report Inappropriate Content
Message 2 of 6
‎11-04-2019 02:36 PM

Re: EPO OnPrem & AWS Conflicts

What about transferring systems from aws to epo on-prem?  Are you able to register the on prem to aws server for the transfer?  

As far as conflicting IP's go, that should be able to be handled by dns.  Systems will try by IP, NetBIOS and fqdn to connect to the server.  

The ultimate thing is to decide what you really want to accomplish.  If the goal is easier management and consolidated reporting, management, etc, then getting all the systems on one epo server or the other would be the best option, however you choose to do it.  Just registering the servers with each other won't really accomplish much unless you do something with that registration,  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
robg3381
Level 9
Report Inappropriate Content
Message 3 of 6
‎11-05-2019 01:43 PM

Re: EPO OnPrem & AWS Conflicts

@cdinet 

Currently we only have 1 EPO which is on-prem.  I was debating if standing up an additional AWS server to handle AWS clients would be a better approach rather than having all clients in AWS report back to primary on-prem EPO as they are now.  

 

I just wasn't sure if there were any edge cases where EPO would try to use IP over DNS record (e.g. doing a wake-up call) first and therefore communicate with the wrong client instead of the intended one.

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 4 of 6
‎11-05-2019 02:22 PM

Re: EPO OnPrem & AWS Conflicts

Whether you do that or not all depends really on what you want to accomplish and if there truly are IP range overlaps, that might be your best option.  One thing, however, in server settings, there is an option for agent contact method, where you can set the priority of how epo will contact the clients first, whether it be IP, NetBIOS or fqdn.  If it can't reach the system by the first priority method, it will still try the other 2.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
robg3381
Level 9
Report Inappropriate Content
Message 5 of 6
‎11-06-2019 11:40 AM

Re: EPO OnPrem & AWS Conflicts

Thanks.  Yeah unfortunately we've seen DNS issues as well in some spots as well.  But yeah we are 100% sure there are overlaps of IP's between internal clients and aws clients.  

 

Our contact order is 1-IP, 2-FQDN, 3-Netbios.  We changed that from the default as we had issues with DNS and things have been much more reliable since then.  

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 6 of 6
‎11-06-2019 12:51 PM

Re: EPO OnPrem & AWS Conflicts

Honestly, you might run into the same issues, unless there are separate dns servers for the 2 environments (the one you acquired and original network).  Otherwise, you might want to consider reworking the network config to eliminate that overlap.  I know that is easier said than done in many cases.  If the 2 environments are separated sufficiently, as un a sub domain type environment, your separate servers may be fine.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC