IBM Proventia Network Enterprise User Manual - page 221
Configuring an Alternate Update Location
221
IBM Proventia Network Enterprise Scanner User Guide, Version 1.3
Configuring an Alternate Update Location
Introduction
By default, an agent receives updates from the IBM ISS Download Center. If you prefer,
you can update your agent from a locally managed SiteProtector X-Press Update Server
(XPU Server) instead. The SiteProtector XPU Server mirrors and caches updates from the
IBM ISS Download Center.
Advantages of an
XPU Server
If you do not use an XPU Server, every agent must have access to the Internet so that it can
download its own updates from the IBM ISS Download Center. An XPU Server provides
these advantages:
●
Security is greater because only the XPU Server needs access to the Internet.
●
The use of Internet bandwidth is reduced because you download the update to the
XPU Server just once for all the agents that use the Server.
Procedure
To configure an alternate XPU Server:
1. From the SiteProtector Console, open the Update Settings Policy for the agent to
configure, and then select the Alternate Update Server tab.
2. Select the Use Alternate Update Server check box.
3. Complete the following fields:
4. Click Save Changes.
Field
Description
Host or IP
The DNS name or IP address of the XPU Server.
Port
The port number the XPU Server is using to monitor for download
requests. For a SiteProtector XPU Server, use 3994. (The port for
the IBM ISS Download Center is 443.)
Trust Level
The level of authentication to use to establish a secure
communication channel between the agent and the XPU Server:
•
Trust-all
The agent trusts the server, and no update certificates are
needed for authentication.
•
Explicit-trust
The agent uses a local certificate to authenticate the Update
Server.
Reference: “Configuring Explicit-Trust Authentication with an
XPU Server” on page 220.
CA Certificate
Note: Applies to explicit-
trust only.
If you select Explicit-Trust for the Trust Level, the fully qualified
path of the XPU Server's certificate that you must manually copy
to the agent, which is the following:
/var/spool/leafcerts/
Reference: “Configuring Explicit-Trust Authentication with an
XPU Server” on page 220.