Where does the Altiris Agent look to download packages from over a VPN connection?

book

Article ID: 180049

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

 

Resolution

Question

I have two addresses, let's say 10.x.x.x, which I get from my ADSL modem router. Then I launch a VPN connection to the company network and get hold of a 198.162.x.x. address.
 
When it comes to deploying an application, will the Altiris agent:

  1. Look at the first IP address 10.x.x.x (which may not be associated to a Package Server) and then, therefore, try to install the application from the Notification Server directly?
  2. Or can it work out that the nearest address is 198.162.x.x and download the package from the Package Server in the local country?

Answer
First possibility: "Look at the first IP address 10.x.x.x (which may not be associated to a Package Server) and then, therefore, try to install the application from the Notification Server directly."

When the client checks into the Notification Server and, if the default time to request a new configuration has elapsed, the client will report that the IP Address is 10.x.x.x. The Notification Server will send a policy that the configuration has changed, and that the client needs to request a new client config.xml file. At this point, Notification Server thinks that the client IP address is 10.x.x.x. The client requests the new client config.xml file. It then knows it needs to download the desired package and will download it from the Notification Server.

This default scenario changes if the VPN software creates a virtual NIC on the client computer with the desired IP address 198.162.x.x. Altiris does not control this process; it has to come from the VPN software. If the virtual IP address is created on the client computer and we send an updated configuration while the client is connected to the system, we will use that virtual IP address. Next Site Maintenance has to be set up for the Package Server and then the client will download from the Package Server.

Remember this whole process depends on the VPN Software having the ability to create a virtual NIC on the client computer with the desired IP address assigned to it. Altiris does not control this process.

Second possibility: "For the nearest address is 198.162.x.x and download the package from the Package Server in the local country."

This works only if the following is true:

  1. The VPN Software can create a virtual NIC on the client computer.
  2. Site Maintenance has been set up correctly on the Notification Server
  3. The client sends a updated client configuration request while logged into the system to notify the Notification Server of the virtual IP address.

After that it is normal client communication. The client doesn't know that it is on an VPN connection. As long as the client has a connection to the Notification Server or to a Package Server to download the packages, it will work. Remember the client communicates on Port 80 to download packages.

The only other item you might need to look at is if the VPN clients are trying to connect to a Package Server also on a VPN connection. 

Other related articles on this are article 20855, "Package Servers and VPN connections" and article 21456, "Package Server seems to stop functioning".