Question
How does one set up a Public Site Server and configure an Agent collection through the Public Site Server?
Overview
Public Site Servers are used to collect from machines that are not on the internal network or VPN. Agents can then be set up to periodically "phone home" to the Public Site Server to get any queued jobs issued to them.
This guide will focus on the settings that are unique when setting up a Public Site Server. For an explanation of all settings available in the Site Server Configuration tool, please refer to Configuring Site Server.
Prerequisites
- A functioning environment with at least one Site Server.
- A DMZ where the Public Site Server can reside.
- Allow bidirectional communication between the Parent Site Server and the Public Site Server over port 54545.
- Allow bidirectional communication between the Public Site Server and the Internet over port 54545.
Site Server Setup
The following IPs are used in the examples below:
- Parent Site Server - 10.2.3.51 (internal IP)
- Public Site Server - 10.2.3.52 (internal IP); 153.20.16.87 (external IP)
- Install a Public Site Server in the DMZ.
Note: As long as the DMZ machine is only running PostgreSQL and the Public Site Server, this machine can be off-domain and Public Site Server can be run by the "Local System" account.
- Open port 54545 between the Parent Site Server and the Public Site Server.
- Expose port 54545 of the Public Site Server so that it can be seen publicly.
- In addition to the basic settings, configure the following on the Parent Site Server:
  - Type: Set the Site Server type to Root or Private.
  - Children Instances: The internal address and port of the Public Site Server Instance, in the format IP/FQDN:Port.
- In addition to the basic settings, configure the following on the Public Site Server:
  - Type: Set the Site Server type to Public.
  - Internal Addresses/FQDN: Internal (on-network) IP or FQDN of the Public Site Server. This address must be visible to the Parent Site Server Instance over port 54545.
  - External Addresses/FQDN: External (internet-facing) IP or FQDN of the Public Site Server. This address must be visible to the Public Agents over port 54545.
  - Parent Instance: The internal address and port of the Parent Site Server Instance, in the format IP/FQDN:Port.
  - Public Instances: A comma-delimited list, in the format IP/FQDN:Port, of the external addresses and ports of all the environment's available Public Site Servers, including the current one. This list tells Public Agents about other available Public Site Servers that may be closer or faster.
  Note: Upon check-in, Agents will be updated to check in to the addresses in the Public Instances field.
- Confirm that the Site Server Console in eDiscovery shows that both the Root and Public Site Servers are online.
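The settings above cross-reference each other, so a mistake in one field (for example, an internal address placed in Public Instances) leaves Agents checking in to an address they cannot reach. The following is an added example, not AccessData code, that checks a planned set of values for consistency; the dictionary keys are hypothetical names for the fields above, the values are this guide's example IPs, and port 54545 is assumed on every address.

```python
import ipaddress

def parse_endpoint(text):
    """Split one 'IP/FQDN:Port' entry into (host, port); raise ValueError if malformed."""
    host, sep, port = text.strip().rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"not in IP/FQDN:Port format: {text!r}")
    return host.lower(), int(port)

def is_internal_ip(host):
    """True only for literal private-range IPs; FQDNs cannot be classified offline."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def check_settings(parent, public, port=54545):
    """Return a list of problems found in the two servers' settings (empty = consistent)."""
    problems = []
    try:
        children = [parse_endpoint(e) for e in parent["children_instances"].split(",")]
        parent_instance = parse_endpoint(public["parent_instance"])
        public_instances = [parse_endpoint(e) for e in public["public_instances"].split(",")]
    except ValueError as exc:
        return [str(exc)]
    if parent["type"] not in ("Root", "Private"):
        problems.append("Parent Site Server type must be Root or Private")
    if public["type"] != "Public":
        problems.append("Public Site Server type must be Public")
    if (public["internal_address"].lower(), port) not in children:
        problems.append("Children Instances lacks the Public Site Server's internal address")
    if parent_instance != (parent["internal_address"].lower(), port):
        problems.append("Parent Instance does not point at the Parent Site Server")
    if (public["external_address"].lower(), port) not in public_instances:
        problems.append("Public Instances must include this server's external address")
    for host, _ in public_instances:
        if is_internal_ip(host):
            problems.append(f"Public Instances lists internal address {host}; off-network Agents cannot reach it")
    return problems

# Constructed settings using the example IPs from this guide; the dict keys are hypothetical names.
PARENT = {"type": "Root", "internal_address": "10.2.3.51", "children_instances": "10.2.3.52:54545"}
PUBLIC = {"type": "Public", "internal_address": "10.2.3.52", "external_address": "153.20.16.87",
          "parent_instance": "10.2.3.51:54545", "public_instances": "153.20.16.87:54545"}

if __name__ == "__main__":
    for line in check_settings(PARENT, PUBLIC) or ["settings are consistent"]:
        print(line)
```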
Agent Setup
Public Agents can be installed manually; see Manually Installing the Windows Enterprise Agent. Use the PUBSS argument to point to the Public Site Server's public IP, as shown in the example below.
MSIEXEC /I "\AccessData Agent (64-bit).msi" CER="\.crt" PUBSS=153.20.16.87:54545
You can also modify your Agent installer MSI to point to your Public Site Server, so that pushed Agents can use the Public Site Server when they are off-network.
Data Source
Public Agents/targets will automatically add themselves to Data Sources > Computers using their Fully Qualified Domain Name (FQDN).
Jobs
Any Computer collection jobs whose IPs are outside of the Managed Subnet ranges of other Site Servers will be assigned to the Public Site Server. By default, each Public Agent will check in every 30 minutes to see if the Public Site Server has a job waiting for it.
Note
Public collection jobs generally take longer than a typical internal collection due to check-ins and internet traffic/speeds.