Configuring a New or Existing Distribution Server

There are a number of reasons why you may choose to use a distribution server. In Windows environments, a distribution server can be used to store patches as well as the most up-to-date engines and definitions that are available. In Linux agent environments, distribution servers can be used to download core files but not patches. Linux agents use YUM to download any patches that must be deployed. For more details on distribution servers, see Why Use a Distribution Server?.

IMPORTANT! In addition to using the Distribution Servers dialog to configure the distribution server within Security Controls, under certain conditions you will need to provide the LOCAL SYSTEM machine account with the proper sharing and security permissions. See Configuring System Account Permissions for details.

How to Access Your Distribution Servers

To configure a distribution server, select Tools > Options and then select the Distribution Servers tab. Any currently defined distribution servers are displayed in the top pane.

You cannot delete a distribution server that is currently being used by an agent policy. Also, if you edit and save a distribution server that is being used by an agent policy, the agents using that policy will be updated the next time they check in with the console.

To configure an existing distribution server, select the distribution server and then click Edit. To configure a new distribution server, click New. The Distribution Server dialog is displayed.

In the top half of the dialog, be sure to specify a location and authentication method that all the target machines can use when accessing the server. The lower half of the dialog is used to specify how the console will connect to this same location on the distribution server. Although the physical location you specify must be the same in both halves of the dialog, in the top half you can specify the method used by the target machines when accessing the data (UNC vs. Anonymous HTTP vs. Authenticated HTTP).

Field

Description

Name

The name you want to give to the distribution server you are configuring. The name can contain letters, numbers, and special characters.

Connection method

Specify how the target machines will access the file repository on the distribution server.

  • UNC: If you want to specify both the path name of the repository on the distribution server and the logon credentials used by the target machines when logging on to the distribution server, enable this option. You must also define the UNC Path and the Assign credentials options.
  • Anonymous HTTP: If you want the target machines to access the repository via the Internet using an anonymous (unauthenticated) Web connection, enable this option. You must also define the URL option.
  • Authenticated HTTP: If you want the target machines to access the repository via a Web browser using a secure Web connection, enable this option. You must also define the Port, URL, and Assign credentials options.

Use SSL (HTTPS)

If you want the target machines to contact the distribution server using an SSL connection, enable this check box. This check box is not available if UNC is selected as a client connection.

Use specified port

Specifies the port used by the target machines when contacting the distribution server via the Web. The default value is 80, or 443 if SSL is selected.

UNC path / URL

The name of this field changes depending on whether UNC or HTTP is selected as the connection method. Specify the UNC path name or the URL path to the repository on this distribution server.

The physical location you specify here for the target machines to use should be the same as the location you specify for the console to use (on the UNC path option). The method (UNC, Anonymous HTTP, Authenticated HTTP) the target machines use when connecting to the distribution server may be different, but the physical location should be the same.

Credential used by clients to access authenticated locations

This box applies only if UNC or Authenticated HTTP is specified. Select the credential (the user name and password pair) used by the target machines to access the distribution server. To define a new credential click New.

Only shared credentials are contained in this list. If the credential you are looking for is not listed it probably means it is not defined as a shared credential. See Defining Credentials for information on how to share a credential.

Test Connection

If you want to test the authentication credentials used to access the distribution server, click Test Connection. For HTTP[S] distribution servers, a default content page (default.htm) is needed in the distribution server directory in order for the test to work.

The lower half of the dialog is used to specify how the console will connect to and synchronize with the distribution server.

Field

Description

UNC Path

The Universal Naming Convention (UNC) path name of the repository share on the distribution server. This share must be accessible by the console and is used when synchronizing the contents of the distribution server with the patches and/or engines and definition files contained on the console.

If you don't remember the exact path you want to specify in the UNC Path box, or if you need to create a new folder, click to search for or create the path name.

Credential used by the console to synchronize

Access to a distribution server requires authentication. Select the credential (the domain\user name and password pair) used by the console to authenticate to the distribution server. To define a new credential click New.

Only shared credentials are contained in this list. If the credential you are looking for is not listed it probably means it is not defined as a shared credential. See Defining Credentials for information on how to share a credential.

Please note the following:

  • If the distribution server is being used as the download source for the definition files, the credentials of the user currently logged on to the console will be used to connect to the server rather than the credentials you supply here. This means the distribution server UNC path must be accessible by all Security Controls administrator accounts. This also means the server must reside in either the same domain as the console or in a trusted domain that will recognize the integrated credentials.
  • If you do not specify a credential then by default integrated Windows authentication will be used (the authentication credentials of the person currently logged on to the console machine).
  • If automatic synchronization is being used and there are multiple administrators in your organization using Security Controls, at least one of the administrators must specify their credentials here.

If you do not specify a credential AND you are using the automatic synchronization feature, you must provide the console machine's LOCAL SYSTEM account with read and write access to the distribution server folder. See Configuring System Account Permissions for details.

Test Connection

If you want to test the authentication credentials used to access the distribution server, click Test Connection. The credentials cannot be verified if the current session is already connected to the share.

Synchronize with Predictive Patch

This is different than the automatic synchronization feature, which enables you to synchronize all engines, definitions, and patches contained on the console.

If enabled, those patches that have been downloaded to the console by the Predictive Patch feature will be synchronized with (copied to) this distribution server. Product levels are not included in this synchronization. The Patch Sync column in the top pane of the Distribution Servers tab will indicate if Predictive Patch is enabled for a distribution server.

A background task will be created when the synchronization is performed. You can track the progress of the synchronization task using Event History.