Distribution package cloud storage

Endpoint Manager SU3 adds a new cloud storage feature for distribution packages and additional files. Normally, organizations configure preferred servers to host their distribution files. Storing these files in the cloud instead can reduce the amount of Endpoint Manager infrastructure you have to maintain. Cloud storage supports both Windows and macOS.

The supported cloud storage environments are Amazon S3 buckets and Microsoft Azure blobs. Your organization will need its own Amazon S3 or Microsoft Azure account. The credentials you provide for these accounts are stored in the Endpoint Manager credential manager. You must use the core server's console when adding credentials and creating Azure or Amazon cloud connections.

  1. In your Amazon S3 configuration tool, create a bucket to hold your distribution files. The bucket name must be unique, and remember the name you used so you can enter it later.
  2. On your core server, click Tools > Configuration > Credential manager.
  3. In the tree, right-click S3 storage credentials, and click Create cloud storage credentials.
  4. Enter a descriptive Unique name for this credential. It doesn't have to be the bucket name.
  5. Enter your Amazon S3 account Access key.
  6. Enter your Amazon S3 account Security key.
  7. Click Save.
  1. In Azure, create a blob to hold your distribution files.
  2. On your core server, click Tools > Configuration > Credential manager.
  3. In the tree, right-click Azure storage credentials, and click Create cloud storage credentials.
  4. You can provide either your Azure Connection string or your Azure Access key. Select the one you want to use and enter it.
  5. Select the Storage account you will be using.
  6. Click Save.

Once you've entered your cloud credentials in credential manager, you need to set up your cloud source as a software distribution preferred server.

  1. On your core server, click Tools > Distribution > Cloud Storage.
  2. In the tree, right-click S3 Buckets and click New storage.
  3. Enter the S3 bucket name for the bucket you created in Amazon S3.
  4. Select the S3 credential you configured in credential manager. Click the Manage credential icon if you want to modify or add new S3 credentials.
  5. Select the S3 Region you're using to host the bucket.
  6. Click the Test button to make sure your configuration works.
  7. Click Save.
  1. On your core server, click Tools > Distribution > Cloud Storage.
  2. In the tree, right-click Azure blob and click New storage.
  3. Enter the Blob container name that hosts your distribution files.
  4. Select the Storage account you configured in credential manager. Click the Manage credential icon if you want to modify or add new blob credentials.
  5. Click the Test button to make sure your configuration works.
  6. Click Save.

Creating a cloud distribution package

When you create a distribution package, your configured S3 buckets or Azure blobs display in the list of available package file sources. The cloud distribution package format is AZ:<container name>:\ or S3:<container name>:\. To see a list of files, you need to have the correct package type (for example, macOS will show .pkg files but Windows will not).

Both cloud storage providers support the creation of pre-signed URLs that point to individual files. When you select a cloud file for the package, software distribution uses API calls to generate the secure pre-signed URLs and includes them in the package configuration. When these URLs are created, you can specify how long the URLs will be valid for. Once the URL expires, the link and any software distribution packages using it will no longer work.

A cloud distribution package's primary file must be from a cloud source. Additional files can be any mix of cloud or other sources, such as preferred servers.

When distributing a cloud distribution package to endpoints, those endpoints will automatically download cloud package files as necessary. If cloud files are already in the distribution cache on nearby peers, peer download and other configured bandwidth-saving distribution options will work as they normally do.

  1. Configure your cloud credentials in the credential manager and populate your cloud storage destination with the package files you want.
  2. On your core server, click Tools > Distribution > Distribution packages.
  3. Create a new package.
  4. On the Package information page, use the path dropdown list to select your cloud storage source. Amazon S3 cloud source paths have an S3 <bucket name>\: prefix and Azure cloud source paths have an AZ <blob name>\: prefix.
  5. In the Primary file list, browse for the primary file from that cloud source.
  6. At the bottom, select a PreSigned URL Expiration date. The cloud download URL won't work after the date you select. If a cloud URL expires, you can edit the package and select the Regenerate PreSigned URL option with a new expiration date.
  7. On the Additional files page, add any files you want from any of the available sources. Additional cloud files will use the URL expiration date specified on the Package information page.
  8. When you're done configuring the package, click Save and schedule it for distribution.