What is a Disconnected Console Configuration?

A disconnected console is a remote console that does not have Internet access. The remote console does, however, have access to a local WAN. In this scenario the remote consoles must retrieve the patch files, engine files and data definition files from a networked distribution server rather than from the Web. The central console (which does have Internet access) is responsible for downloading the latest engines, definition files and patches from the Web and for placing these files on one or more distribution servers. The remote consoles can then use the distribution servers to download the required information before performing their scans.

Once the central console has copied the necessary files to the distribution servers, the basic process is as follows:

  1. The remote console downloads the latest files from a distribution server.
  2. The remote console performs a scan.
  3. Based on the scan the remote console performs the necessary patch deployments.
  4. The remote console then rolls up the results to the central console, which contains an aggregate database of all scan and patch deployment activity in the network.

The following figure illustrates this process.

Tasks Performed by the Central Console

In this scenario, the main functions of the central console are to:

  • Download the latest patches, engines and data definition files from the Web
  • Copy the engines, definition files and patches to one or more distribution servers
  • Act as the data rollup console by collecting the results of the scans and deployments performed by the remote consoles

For more information, see Configuring the Central Console in a Disconnected Configuration.

Tasks Performed by the Remote Consoles

Each remote console is responsible for patching itself and any managed machines that are located at the same site. There may or may not be an administrator at the remote site and the remote sites may or may not have Internet access. The main functions of each remote console in this scenario are to:

  • Get the latest engines and data definition files over the WAN from a distribution server
  • Scan all the machines at their site
  • Download the missing patches from a distribution server
  • Deploy all approved patches that are missing
  • Roll up the results of the scans and deployments to the central console

For more information, see Configuring the Remote Consoles in a Disconnected Configuration.