Allow_Install_Policy

[Weird73]

I am setting up a TMR test environment, which will eventually lead to a separate TMR environment. A production TMR already exists.

The existing TME, consists of over 2500 endpoints. The network i have implemented the test TMR, is a production network, and I am unable and do not wish to isolate this.

Initially I wish to implement a Allow_Install_Policy which will ignore all endpoints attempting to connect to the gateway, except say 1-3 specifically mentioned endpoints.

How would I go about doing this ? The TMR is a WIN2K box. Thanks in advance.

 

[Weird73]

I am thinking about using a different gateway/endpoint port to separate the new TME from the existing TME, as they will co-exist. This is so I dont pick up endpoints from the existing TME. Is this the best solution ?

 

[ladato]

You have two choices which I would label "simple".

The first is what you state - use a different set of ports. This would allow you to use the exact same endpoint policy in your "lab" versus production. The downside is that you have to be careful when installing new lab endpoints.

The other choice goes back to the name of this thread - just use allow_install_policy to explicitly allow endpoints with a particular name or IP address and refuse all others. The upside is that your endpoint installation can be identical as production, but allow_install_policy will be different.

Let me know if this makes sense, and if you need more specific information.

Leon
adatole@yahoo.com

Leon Adato (adatole@yahoo.com)
Measure what is measurable,
And make measurable what is not so.
- Galileo

 

[Pieter59]

You could use:
wputeppol allow_install_policy < nextscript.sh


IPADDRESS=`echo $5 |awk '{FS=&quot;+&quot;}{ print $1 }'`
echo $IPADDRESS >> /tmp/epmgr_allow_inst.log
HOSTS=&quot;xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx&quot;
for host in $HOSTS
do
if [ &quot;$IPADDRESS&quot; = &quot;$host&quot; ]
then
exit 0
fi
done
exit 1