Configuring a New or Existing Distribution Server

Important! In addition to using the Distribution Servers dialog to configure the distribution server within Shavlik Protect, under certain conditions you will need to provide the LOCAL SYSTEM machine account with the proper sharing and security permissions. See Configuring System Account Permissions for details.

To configure a distribution server, select Tools > Operations and then select the Distribution Servers tab. Any currently defined distribution servers are displayed in the top pane. For example:

Note: You cannot delete a distribution server that is currently being used by an agent policy. Also, if you edit and save a distribution server that is being used by an agent policy, the agents using that policy will be updated the next time they check in with the console.

To configure an existing distribution server, select the distribution server and then click Edit. To configure a new distribution server, click New. The Distribution Server dialog appears:

In the top half of the dialog, be sure to specify a location and authentication method that all the target machines can use when accessing the server. The lower half of the dialog is used to specify how the console will connect to this same location on the distribution server. Although the physical location you specify must be the same in both halves of the dialog, in the top half you can specify the method used by the target machines when accessing the data (UNC vs. Anonymous HTTP vs. Authenticated HTTP).

 

Name

The name you want to give to the distribution server you are configuring.  The name can contain letters, numbers, and special characters.

Connection method

Specify how the target machines will access the file repository on the distribution server.

  • UNC: If you want to specify both the path name of the repository on the distribution server and the logon credentials used by the target machines when logging on to the distribution server, enable this option.  You must also define the UNC Path and the Assign credentials options.

  • Anonymous HTTP: If you want the target machines to access the repository via the Internet using an anonymous (unauthenticated) Web connection, enable this option. You must also define the URL option.

  • Authenticated HTTP: If you want the target machines to access the repository via a Web browser using a secure Web connection, enable this option.  You must also define the Port, URL, and Assign credentials options.
     

Use SSL (HTTPS)

If you want the target machines to contact the distribution server using an SSL connection, enable this check box. This check box is not available if UNC is selected as a client connection.

Use specified port

Specifies the port used by the target machines when contacting the distribution server via the Web. The default value is 80, or 443 if SSL is selected.

UNC path / URL

The name of this field changes depending on whether UNC or HTTP is selected as the connection method. Specify the UNC path name or the URL path to the repository on this distribution server.

Note: The physical location you specify here for the target machines to use should be the same as the location you specify for the console to use (on the UNC path option). The method (UNC, Anonymous HTTP, Authenticated HTTP) the target machines use when connecting to the distribution server may be different, but the physical location should be the same.

Credential used by clients to access authenticated locations

This box applies only if UNC or Authenticated HTTP is specified. Select the credential (the user name and password pair) used by the target machines to access the distribution server. To define a new credential click New.

Note: Only shared credentials are contained in this list. If the credential you are looking for is not listed it probably means it is not defined as a shared credential. See Defining Credentials for information on how to share a credential.

Test Connection

If you want to test the authentication credentials used to access the distribution server, click Test Connection. For HTTP[S] distribution servers, a default content page (default.htm) is needed in the distribution server directory in order for the test to work.

 

The lower half of the dialog is used to specify how the console will connect to and synchronize with the distribution server.

 

UNC Path

The Universal Naming Convention (UNC) path name of the repository share on the distribution server. This share must be accessible by the console and is used when synchronizing the contents of the distribution server with the patches and/or scan engines and XML definition files contained on the console.

If you don't remember the exact path you want to specify in the UNC Path box, or if you need to create a new folder, click to search for or create the path name.

Credentials used by the console to synchronize

Access to a distribution server requires authentication. Select the credential (the domain\user name and password pair) used by the console to authenticate to the distribution server. To define a new credential click New.

Only shared credentials are contained in this list. If the credential you are looking for is not listed it probably means it is not defined as a shared credential. See Defining Credentials for information on how to share a credential.

Please note the following:

  • If the distribution server is being used as the download source for the definition files, the credentials of the user currently logged on to the console will be used to connect to the server rather than the credentials you supply here. This means the  distribution server UNC path must be accessible by all Shavlik Protect administrator accounts. This also means the server must reside in either the same domain as the console or in a trusted domain that will recognize the integrated credentials.

  • If you do not specify a credential then by default integrated Windows authentication will be used (the authentication credentials of the person currently logged on to the console machine).

  • If automatic synchronization is being used and there are multiple administrators in your organization using Shavlik Protect, at least one of the administrators must specify their credentials here.

Note: If you do not specify a credential AND you are using the automatic synchronization feature, you must provide the console machine's LOCAL SYSTEM account with read and write access to the distribution server folder. See Configuring System Account Permissions for details.

Test Connection

If you want to test the authentication credentials used to access the distribution server, click Test Connection. The credentials cannot be verified if the current session is already connected to the share.