2.24.2 Managing devices connected via the Internet

(1) Managing connected devices

Devices connected via the Internet are managed as described below.

Prerequisites

The following prerequisites apply to devices managed through Internet connection:

• Only devices (computers) running Windows as the OS can be managed.

• An agent must be installed on each computer to be managed.

• The network monitor must be disabled on managed computers.

Important

Agentless devices cannot be managed.

Important

Whenever a managed computer is taken out of the company for use, Wake on LAN and the AMT BIOS setting must be disabled to prevent inadvertent activation of the computer.

To manage devices through Internet connection:

In the Agent Configurations view of the Settings module on a managed computer, select Basic settings, and then the Perform HTTPS communication with the higher system via the Internet Gateway check box.

If you enable this setting, the agent communicates with the management server and the relay system via the Internet gateway.

Network connection control

A managed computer used outside the company is not subject to network connection control.

Furthermore, when a managed computer is used outside the company, an IP address that is different from the one managed in the internal network is set. For this reason, if network connection control is performed based on a network control list with IP addresses used for judgment, network connection control for managed computers might not work properly. For this reason, we recommend that you use MAC addresses for judgment when performing network connection control based on a network control list.

Switching the connection destination of managed computers which brings to inside of the company

You can operate the managed computers connect to the management server or the relay system directly when they are brought to inside of the company.

To disable connection to the Internet gateway from managed computers inside of the company, you have to edit both the firewall and proxy server settings. For details, see the description about managing devices used outside the company in the manual JP1/IT Desktop Management 2 Administration Guide.

To Page Top

(2) Precautions for managing devices via Internet connection

You have to observe the following precautions when managing devices via Internet connection:

When communicating with a higher system via the Internet gateway

• The automatic or manual security measures are executed when a polling from the agent occurs.

• The computer operation performed by an administrator is executed when a polling from the agent occurs.

• The distribution of software and files by means of ITDM-compatible distribution is executed when a poling from the agent occurs.

• The software and file distribution job that uses Remote Installation Manager is executed when a polling from the agent occurs.

• When collecting files with large capacity exceeding 1 GB with the remote collection function, change the setting for Communication Settings - Communication Error Settings - Timing to assume that a communication error occurred - Assume that a communication failure occurred if no response is received from communication software within the specified period of Agent Configuration to 120 minutes. If the setting value is increased, when there is no response from the server due to a temporary failure such as communication failure or server failure, it takes time until it is assumed as an error, so the time to the next polling will be longer. After changing the setting, wait for the amount of time (or longer) specified in the Basic Settings - Timing of Communication with the Higher System - Polling Timing - Periodically perform polling on every system startup.

• When distributing packages of 50 MB or more using the Remote Install Manager, communication timeout may occur, distribute by splitting the package to size within 50 MB.

• If ITDM-compatible distribution fails while in progress due to a communication error, retry at the next polling timing.

When managed computers are connected to the internal network

• If, while a managed computer connected to the internal network is turned off, the management server issues a request with the setting that enables automatic activation by means of Wake on LAN or AMT enabled, the request is received upon the occurrence of a polling at the time of system startup. Under this circumstance, a request might be executed with lower delay compared to when the managed computer is turned on.

When managed computers are connected to a network outside the company

• When network connection is cut off or allowed based on the judgment made in accordance with the security policy, the network control list is updated, but the control of the network connection of computers used outside the corporate network is not performed.

• Computers used outside the corporate network cannot be activated by Wake on LAN or AMT.

Switching the connection network of the managed computer

Before the Distribution that Uses Remote Install Manager job to the computer in the internal network environment is completed, if you take the computer out to the Internet environment, the job will be interrupted. The job will resume when the computer reconnected to the internal network environment.

Also, before the Distribution that Uses Remote Install Manager job to the computer in the Internet environment is completed, if you bring the computer back to the internal network environment, the job will also be interrupted. The job will resume when the computer reconnected to the Internet environment.

To Page Top