Hi all!
We recently acquired the Casper suite and have decided to make internet based client management available for all our users. Currently, only users on the network or connected to the VPN are able to connect.
I have contacted support and they are doing some research, but thought maybe some in the community have done this before.
We will point everything to casper.domainname.com and regardless of internal or external, you will hit this management/distro point. This means we need to have everything as locked down as possible.
The server we have setup is a windows 2012 R2 server. Ideally we would have this behind an F5 Big-IP load balancer. This would remove the need to poke holes and expose to the machine through the firewall. We already have a wildcart cert from Entrust that we can use.
A few questions:
1) How do we change the cert from self-signed to use the 3rd party? Would this require changing the clients and how big of a hassle is it?
2) Right now, there is no real authentication that happens -- this seems to be a security issue, yeah?
3) I've found a few people have talked about using an F5 load balance by googling this information, so it's clearly been done before. How does the load balancer work in regards to casper and certs.
4) If you have done the process, have you had any security issues with doing this?
