Configure the Full-Service Satellite Server

Make the following changes if the Configuration server on full-stream Satellite server does not communicate to the HPCA agent on the default port, 3464.

You must enable SSL on the full-service Satellite server that will serve as an access point for devices from outside the corporate network.

You must expose an HPCA full-service Satellite server to the public Internet in a network DMZ. This subjects the Satellite server to a greater risk of attack than in a traditional corporate environment or VPN. To avoid such risks, only the following ports should be open on the full-service Satellite server.

In addition, to restrict the risk of attack, the HPCA services offered by the full-stream Satellite server should be limited to those required by Internet-facing clients. For example, if OS Management is only used on the local or corporate network, the full-service Satellite server in a network DMZ should not have OS Management enabled.

Note: If your environment uses load balancers to manage the load on the full-service Satellite servers that are outside the corporate network, make sure that the load balancers support the HTTP CONNECT method.


© 2003 - 2012 Hewlett-Packard Development Company, L.P.