How to manage endpoint computers that move between different networks

  • Article ID: 110340
  • Updated: 19 Dec 2013

This article provides an example of how to correctly configure an endpoint computer's parent address if the computer moves between different network locations (e.g., different offices or company sites) so that you can continue to manage the computer and receive status messages from it.

Applies to the following Sophos product(s) and version(s)

Enterprise Console 5.2.1 R2
Enterprise Console 5.2.1
Enterprise Console 5.1.0
Enterprise Console 5.0.0
Enterprise Console 4.7.0
Enterprise Console 4.5.0

What To Do

The load balancing of message relay servers (i.e., configuring an endpoint computer's reporting address to attempt to connect to more than one message relay server) may cause problems and is not supported.

If a large number of computers are configured to report to more than one relay server a build-up of downstream messages (from the management server) can occur on one or more of the relays.  This is due to the management server recording the last known location of the endpoint computer (i.e., which relay the computer last reported from) and will attempt to send all current messages via that relay.  If the endpoint computer subsequently reports via a different relay the management server will switch to sending messages to that relay and all previous messages will remain in the envelopes folder on the now inactive relay server.

The diagram shown below shows how you should configure the parent address if the endpoint computer moves between networks.

Notes:

  • The mrinit.conf file does contain ip address, FQDN, NETBios but importantly these three addresses are all the same server.
  • For more information on configuring message relay servers across a WAN (e.g., the Internet) see article 50832.
  • Due to the 1-2-1 relationship between a client and the server it reports to you must ensure that each message relay server contain a distribution point that has a correctly configured mrinit.conf file for computers reporting to and updating from it.
  • If an endpoint computer is to move between sites it should be configured to always report to the same message relay server regardless of location.
  • The updating location of a computer and its reporting configuration are linked. Therefore do not set a backup updating location that points to a distribution folder containing a different mrinit.conf file.

 

diagram


 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments