Thanks for your reply. I have a better understanding of the controller now. However, my understanding is that the controller will pull the remote control server policies so that the connection will be managed. Would this be considered a P2P managed connection?
The only thing that Managed and P2P mode have in common is that once a connection is established only the controller and the target are involved and communicate directly. The connection initiated in managed mode from the server webui works like this:
- The user click on start session
- The server checks if you have the rights for acting to the target
- The server generate an authorization token an pass it to the controller
- The controller is either downloaded or directly run if installed.
- The controller connects to the server to and download the configuration from server
- The controller connects directly to the target
- The target connects to the server and check the token passed by the controller
- The target updates the policies by downloading them from the server.
- The controller is connected to the target.
In P2P mode all the accounting and authorization stuff are skipped. Of course you still have to provide the target machine credentials unless disabled in the target settings.
However in Managed mode you can also have a gateway or a gateway hierarchy and a broker. In that case the connection will involve also them. These components are not supported in P2P mode.
We will generally have the controller installed on the PCs that our desktop support team uses. These PCs will also have the Bigfix console installed. In this case we would want to be able to start a remote control session from a right click in the Bigfix console.
The BigFix console can start P2P sessions only. When you righ-click on a computer and click on "IBM BigFix Remote Control" the stand-alone Controller is opened and the fields are prefilled with the selected computer properties. This won't work if you have disabled P2P mode on your targets or if you need a managed connection.
However, we do have third parties outside our network that will need to connect to servers inside our data center. These systems could also have the controller installed, but they need to receive the policies from the RC Server so that they are limited to specific servers.
I'm afraid that this is not currently supported. You can use a broker or ICB ( Internet connect broker ) only if you need to access targets which are on a different network reachable through internet. So in that case you start the broker session using the server webui and then giving the code to the operator you allow the target to join the session through the broker which is public available on internet. The main problems in your scenario are the following:
- The Remote Control Server is not supported on internet for security reasons.
- The broker session can only be started from the server webui so from a computer which is able to reach the server.
- The Third party probably can't access the RC server network unless a VPN or something else is provided to access your company network.
I hope this help to have the whole picture