Jump to content

exosource

Members
  • Content Count

    9
  • Joined

  • Last visited

Community Reputation

1 Neutral

My Information

  • Agent Count
    1000 - 1500 Agents
  1. exosource

    Patch Manager - Applying Ignored Patches

    From what I was able to figure out, those "Feature Upgrades" aren't actually feature upgrades, but LCU (Latest Cumulative Updates) to those bi-annual versions. In other words, they are just quality patches. The bi-annual feature upgrades are not part of the patch manager functionality, you can't fully automate those, so you can either let your users upgrade by themselves (its not clear if / when they will get prompted if you disable WUA) or you can use the Connectwise-Provided script to plan those upgrades yourself. (See Automate documentation, search for Windows 10 Supportability statement). Since those systems become end of life after just 1.5 years, it feels like that information should be made very explicit in the patch manager documentation and that the Windows 10 upgrade processes and options should be more explicit - but it seems like everyone is playing catch up to MS.
  2. exosource

    RMM Security Best Practices

    We used to block external access to the "Old" Web control center through IIS filtering policies, but now we need to block the new one + the API itself and possibly other components. As far as I know there is zero documentation on locking down those accesses. Probably due to a focus on Automate Cloud which, by definition, is open to the Internet. Shouldn't we be able to differentiate agent check-in from privileged API/console access? How about restricting API accounts to specific IP ranges, since they can't be protected by MFA? It feels like such a security-critical system should provider better control and segmentation. MFA is nice (and necessary) but it isn't sufficient in itself when plugins and integrations are an essential functionality. EDIT : Here's what I was able to find out so far regarding the IIS sites/folders : aspnet_client : no idea, not much there - access seems disabled automate : new web control center UI crystalreportviewers12 : I'm assuming its related to crystal report (!) - access seems disabled cwa : Connectwise Automate API dashboard-pod : some work in progress? seems like mostly frontend assets LabTech : this seems to be the main point of communication for agent check-in, deployments, etc. WCC2 : Legacy Web Control Center I blocked external access to everything except the LabTech "folder", I guess we'll see 😃 I'm expecting this to break external integrations that communicate through the API (ex: IT Glue), but then I can allow their source IPs assuming they public them.
  3. exosource

    Thycotic Secret Server Integration

    They don't. They use complex passwords and MFA and get on with their days.
  4. exosource

    Feature Updates

    Windows 10 Patching involves semi-annual update packages. That's how it works. They're not discretionary and if you're not applying them on a regular basis you'll end up in trouble with your customers. The support lifecycle for Home/Pro is 1 1/2 years from release BUT your customers will be nagged and force-updated So, since Labtech is mostly a Windows-OS-management tool, and that patching is at the core of its value proposition, I don't think it is unfair to expect them to fully support Windows 10 patching almost three years after its release. No one said it was easy, but that's their core business.
  5. exosource

    Acronis BaaS plugin for LabTech

    Spoke with rep yesterday, told me they plan a CW integration (but that you should NOT run both LT and CW integrations at the same time). Maybe the CW integration will be better suited to monitoring/response/reporting?
  6. exosource

    Grafana and Labtech

    Great tips, thanks! One of the things that prevented me from trying Grafana in the past is that I was certain it didn't support SQL sources. For those who would like to try this quickly on Windows, here's an alternative 1. Download Docker for Windows (newer versions require Hyper-V to be enabled on host) 2. Run this command is PowerShell : docker run -d -p 3000:3000 --name grafana grafana/grafana 3. Login to http://localhost:3000 Docker won't "save" your changes when the image terminates, but its a good way to play around with Grafana. *** Turns out the docker image doesn't include the pre-built SQL support, so you might not get very far with that option
  7. exosource

    Acronis BaaS plugin for LabTech

    Yes unfortunately Acronis has been less than responsive regarding their (newly aquired) product, In Canada they are reselling through Ingram's Cloud Marketplace in a watered down format so they don't have any local reps and their pre-sales effort is pretty much non-existent. That's too bad because the product demos looked really promising. I really wanted this to be an alternative to our Veeam offerings and a replacement for Vembu StoreGrid (or whatever its called these days). I wouldn't be supprised if Veeam came out with a commercial version of Endpoint Backup that uses the Cloud Connect functions in the next 12 months. If that happens they're going to give the other guys a run for their money.
  8. exosource

    MSP Backups

    CloudBerry for Bare Metal backups requires a "staging" area where the whole image needs to be created before being uploaded. That was kind of a deal breaker for us. Trying Acronis BaaS now ... looking good.
  9. exosource

    Acronis BaaS plugin for LabTech

    Hi Robbert, We're likely to adopt BaaS as one of our primary backup solutions. We were not originally a BackupAgent user, but we might be a good candidate for beta testing the integration. We manage around 1000 endpoints / 100 servers. Also, I've tried establishing contact with the BaaS team a few times with no success. Do you have an email contact to share for MSP partner relationships? Regards Guillaume
×