AVG Admin Shared Amoung Customers across NAT

Assistance with AVG Admin, AVG Internet Security Business Edition, AVG Anti-Virus Business Edition, formally called "Network Editions"

Moderator: Moderators

AVG Admin Shared Amoung Customers across NAT

Postby anchornet » Fri Dec 14, 2007 11:49 am

I manage the IT infrastructure for several small businesses. Many of these business don't have a server or any other centralized system.

For AV, I've been installing AVG Network because it's part of another service we subscribe to so other AVG products are not considered for these deployments.

I've been mulling installing AVG Admin on a dedicated server at one of the Internet hosting companies in order to provide some sort of reporting and control for a lot of these systems in various networks where either AVG Admin can't be installed or doesn't make sense. Entering several licenses in a single console does not seem to be a problem.

The problem seems that AVG Admin leverages two-communication between the Data Center and the desktop/laptop running AVG Network. In my deployment scenario, there would only be one-way initiation of communication -- when the client made a request to the server. The server could not initiate a connection due to the client most likely being on the other side of some NAT device.

While this is less than optimal, it's far better than having no control or reporting. Is this practical and are there any issues or side-affects which I should be aware of in doing this?
anchornet
AVG Wannabee
 
Posts: 7
Joined: Fri Dec 14, 2007 1:48 am

Advertisement

Web Hosting

Postby sc123 » Fri Dec 14, 2007 1:01 pm

I can't give you a definate Yes or No, but I would have to say that this scenario most likely will not work, or will not work very well. NAT will destroy most of the AVG Admin functionality as AVG Admin is not meant to be used over a WAN or the Internet. Typically I have to disable all software firewalls on an internal network to ensure complete AVG network functionality, most likely due to the SMB protocols being used for installation and updating. I'd suggest using a workstation that isn't in use as a "server", as you don't need an actual server OS to run AVG Admin, and setting that workstation up for remote control for you to be able to administer it from outside the network. That workstation can handle all of the AVG Admin and reporting functionality for that particular network.
Regards,
SC123 - Founder, http://www.AVGForums.com
-------------------------------------------------------
Complete uninstall/reinstall method | Other tools to try | Search the forums!
User avatar
sc123
Forum Administrator
 
Posts: 2095
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

Postby anchornet » Fri Dec 14, 2007 1:20 pm

I wouldn't use Admin in this scenario to mirror updates. I would set the policy for the clients to do their own updating from AVG's servers.

I would use it to merely be a repository of policies (test schedules, feature accessibility, etc) and for clients to post "test" reports. Obviously new policies could not be pushed, but retrival just might be all that I need.

A couple of these clients are totally mobile. It's an office with a wireless access point and a couple of printers. This brings up another issue with Admin in that AVG Network complains that it can't reach Data Center when the laptop is out of the building. It's a warning that customers get all too accustomed to ignoring. Putting Data Center outside the office to some degree solves that problem.
anchornet
AVG Wannabee
 
Posts: 7
Joined: Fri Dec 14, 2007 1:48 am

Postby sc123 » Fri Dec 14, 2007 1:33 pm

There is no good solution with AVG network products and mobile devices. The best thing I've come up with is to configure them as standalone workstations, i.e. install AVG Network Edition locally on the notebooks and setup policies locally and set the notebooks to update from the Internet.

As for the other workstations, I doubt you'd be able to get the database communications to work very well over an Internet connection. Possibly a VPN could be used, but even that may not work if NAT comes into play.

One idea might be to setup a VPN from your central AVG Admin server to your remote sites. If they all used the same internal private IP settings you may have to setup several network interfaces on your AVG Admin server and have multiple VPNs running at once. Check out the TheGreenBow VPN Client as that is a good application for this sort of job.

I think that unless you use a VPN you're going to have client errors and not receive info from the workstations. Let us know how it goes and what you end up doing!
Regards,
SC123 - Founder, http://www.AVGForums.com
-------------------------------------------------------
Complete uninstall/reinstall method | Other tools to try | Search the forums!
User avatar
sc123
Forum Administrator
 
Posts: 2095
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

Postby anchornet » Fri Dec 14, 2007 9:29 pm

So I'm giving this a try to see what happens. So far I have AVG Admin using SQL Server Express on a GoDaddy Virtual Win2k3 server. I have one desktop installed with AVG Network Edition.

Results are not bad. Obviously I cannot remote install so the installation must be installed manually and I have to choose "Custom" in order to get the Remote Administration.

I set Data Center to "Monitoring" mode rather than the default "Mandatory". I also set it to distinguish users by Computer/Domain Name. I also found that I had to modify the "AVG DataCenter connection string" in shared settings for stations to the fully qualified domain name of the server as the default installation only puts the machine name. Failure to do that will cause the client to connect once, change the initial setting and never connect back.

I also set some random default values for stations and users to see how they load.

As soon I installed AVG Network and set the remote connection, the new default settings were downloaded from the server and machine information was uploaded. Perfect.

I can also change values on AVG Admin and those changes will get propogated down to the client on its regular synchronization cycle. Excellent.

I also tested Resident Shield alerts using EICAR. Worked instantly and like a charm. Exactly what I was hoping for.

What I can't do:
I can't ask stations to reset configs, ask for test results or perform updates. This is because it stores the local IP address of the client. For example, if the client is on 192.168.1.144, the AVG Admin can't route there so you won't see any inbound attempts on your firewall log.

Requests show up as uncompleted in AVG Admin but can be easily deleted.

While far from ideal, it does seem to have the potential to give me more control and knowledge about what is happening at many of my smaller sites that I had before.

I'll post more as I find out more.
anchornet
AVG Wannabee
 
Posts: 7
Joined: Fri Dec 14, 2007 1:48 am

Postby anchornet » Sat Dec 15, 2007 2:08 am

I take it back. Even tasks that I submit to an end client still happens at the next synchronization of that client. They just sit in the "uncompleted" queue until the client touches base with the Admin tool.

While I'm still new to AVG, I can't figure out what functionality I'm missing with this sort of configuration other than the ability to perform remote deployments. And that I can't push configuration changes immediately.

Is there something you would like me to try that you think might fail?
anchornet
AVG Wannabee
 
Posts: 7
Joined: Fri Dec 14, 2007 1:48 am

Postby sc123 » Sat Dec 15, 2007 10:05 am

All of that is working with no port redirection and NAT and a firewall in place on the client side? I'm surprised!

I don't think remote updating would work, but since you're using the Internet update option on the workstations you've bypassed this.

I know using AVG Admin to install/uninstall workstations will not work in this scenario, but you have acknowledged that. I would see this as a major problem, since that is one of the key uses of AVG Admin. If you don't then perhaps you've found a good work-around for your needs. I know that at some point you'll wish it did work, but maybe one day AVG Admin will allow you to do so in your scenario - but I wouldn't bet on it.

One major issue I can think of is with workstation and user configuration options in AVG. What if you want to configure different options for different clients? This would be especially important for AVG Internet Security users with Anti-Spam and Firewall options. I think this could be a hurdle as well.
Regards,
SC123 - Founder, http://www.AVGForums.com
-------------------------------------------------------
Complete uninstall/reinstall method | Other tools to try | Search the forums!
User avatar
sc123
Forum Administrator
 
Posts: 2095
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

Postby anchornet » Sat Dec 15, 2007 12:14 pm

Ya, you're right about not being able to set multiple profiles for different clients. That is a shortcoming of AVG's admin tool vs other platforms. Fortunately for my purposes that's not too much of an issue as we only use hosted anti-spam solutions and I was never fond of 3rd party firewalls. I can't set in-office/out-of-office profiles though group policies for the built-in firewall is great.

Anyway, how do you remote uninstall? I figured for installation I would use the S-Tool to create an installation folder. We already use an agent for remote installation.

I think for our purposes, using this for our smaller, very mobile clients, is much more effective than installing and being blind as to what is happening after the fact. For the larger ones, we'll probably continue to deploy distributed AVG Admin consoles.
anchornet
AVG Wannabee
 
Posts: 7
Joined: Fri Dec 14, 2007 1:48 am

Postby anchornet » Sat Dec 15, 2007 12:18 pm

Hey I just noticed that if I right click "Stations" I can create new groups and I can set separate policies for that group. Wouldn't that allow me to have separate controls for different clients?

And going through the firewall config perhaps I have the wrong impression about AVG's firewall. They list computer in domain and computer on the move. Does the firewall automatically detect and switch?

Oh, late last night I also switched AVG Admin from Monitoring mode to Mandetory and set the access password. Those controls were properly distributed to the now 3 workstations (2 XP and 1 Vista).
anchornet
AVG Wannabee
 
Posts: 7
Joined: Fri Dec 14, 2007 1:48 am

Postby anchornet » Sat Dec 15, 2007 12:37 pm

I think I also need to set blackhole routes on the colocated AVG Admin server for private subnets to prevent packet leaking off the server. I just did a tracert for the subnet 192.168.1.x and it passed through 5 routers before being dropped. There's no need to be rude on the network if AVG Admin is trying to connect to local hosts.
anchornet
AVG Wannabee
 
Posts: 7
Joined: Fri Dec 14, 2007 1:48 am

Re: AVG Admin Shared Amoung Customers across NAT

Postby stephanieg915 » Sat Dec 31, 2016 8:03 am

Pollution is growing day by day while just about every second point is definitely emitting a number of pollutant in most kind from the natural environment Everybody knows that this is undoubtedly an mind boggling circumstances of course, if we won't carry just about any safety measures it can injury you within a vast approach we take to all generally feel so what can perform in case everybody will some thing upon his/the woman level the illness can be change By using friendly to the environment issues inside every day c[censored] utes could be starting point to your resource efficiency connected with natural environment Many of us are able to do much to create all sorts air pollution free of charge Examine each of our daily utilize content articles your bag an essential point for everyone Most of us utilize bags in some sort whether it be to carry women things and for transporting veggies or another factors Usually we all utilize polly- bags to carry your families and chic leather bags or handbags Little doubt these kinds of natural leather handbags get put into modern society and so heavy it problematical to exit these at the same time Nevertheless eco-friendly bags are not only beneficial for atmosphere nevertheless elegant also The time is transforming business women began to hold eco-friendly bags with no reluctance Most people are adding to for that enhancement associated with atmosphere which bag creative designers do that using their sideEco welcoming bags are constructed with natural items mainly associated with jute or even outfits Precisely why these are typically known as friendly to the environment is bio-degradability These are generally crafted from these resources which in turn cause no damage to the character Handbags designers are going to do efforts to produce these kind of natural bags a growing number of elegant beautiful to get buyers upon huge scale They can be utilizing materials apparel beans as well as pebbles to help enhance this hauling object At the moment there's not considerably merchandise on the market so you've got several alternatives but it's escalating steadily and soon you can able to select from a large range of bags as with any other kind of bags They have a distinct hint associated with nature and are while valuable since the others There are lots of handcraft organization that are making these kind of bags in large amount in order to ensure it is noticeable in the marketplace as the the best way to seem most of these bags the more they are available forward to have used them Because this is any time of favor and magnificence kids are able to pay out huge sum for that things that get them to popular So on their behalf these types of environment-safe totes are generally are available in different shades and design that match with the actual demand of the Hermes belts actual youngsters These bags are probably the several hand-made articles or blog posts for example necklaces shawls timber content articles and so forth yet among all these kind of this is actually the very useful product not just meets your own qualification but additionally gives a great racial seem in addition to making you environmentally friendly without doing significantly These small things might help a lot and spreading consciousness one of the individuals to make sure they begin caring his or her setting just as much as they can You will notice a lot of people carrying most of these bags along with the time is not much when a most of folks will have got environmentally friendly bags inside their hands
stephanieg915
AVG Know-A-Lot
 
Posts: 33
Joined: Fri Dec 30, 2016 4:06 am


Return to AVG Business Editions and AVG Admin

Who is online

Users browsing this forum: No registered users and 2 guests

cron