ESMC 7 introduces a new generation of the agent/server communication protocol. The new replication protocol uses TLS and HTTP2 protocols so it can go through proxy servers. There are also new self-recovery features and a persistent connection that improves overall communication performance.
ESET provides a pre-configured Apache installer. The user can also use other proxy solutions (besides Apache HTTP Proxy) that fulfill the following conditions:
The configuration of other proxy solutions is not provided or supported by ESET. Other solutions may not support caching of ESET Dynamic Threat Defense (EDTD) communications.
The ESMC 7 Virtual Appliance contains a correctly pre-configured Apache HTTP Proxy. We recommend you use the new appliance instead of upgrading the old one.
Upgrade your ERA Server to ESMC 7 via a Remote Administrator Components Upgrade Task. This task updates the server, agent and web console. When assigning a target for the task, only select the machine with the ERA Server.
Wait approximately 24 hours to verify the upgraded environment runs smoothly.
To keep your proxy safe and well configured, replace your old ERA Proxy - Virtual Appliance with the new version. ESMC 7 does not provide a standalone proxy configuration as ERA 6.x did. We recommend you deploy a new ESMC Server - Virtual Appliance. The new server is not used as an administrative server, but a proxy. The correctly configured Apache HTTP Proxy is included in the ESMC 7 Virtual Appliance download.
Reinstall the ESET Management Agent on the appliance and connect it to the main ESMC Server. Open the virtual machine with your ESMC Virtual Appliance → Enter Management mode → enter your password → Login → Exit to terminal.
The Agent installer is located at:
We recommend you use the server-assisted installation. For example:
Replace the hostname and password values with actual values from the main ESMC Server. For more information, refer to the Agent installation - Linux topic in the ESMC Online Help Guide.
If required, you can stop certain services on the new appliance to save resources.
In the Terminal, run the applicable commands:
|System V init||Systemd|
To prevent ESMC and MySQL services from starting after reboot, disable them:
Modify the Apache HTTP Proxy configuration file /etc/httpd/conf.d/proxy.conf. Use the nano editor in the Terminal or access the file using Webmin. For nano, use the following command:
If you have changed the default port (2222) for the agent, find the line
AllowCONNECT 443 2222 and change
2222 to the number of your port.
Add the hostname or IP address of your ESMC Server to the configuration file. The hostname you add must be exactly the same as the hostname agents use to connect to the ESMC Server. You can also add a ProxyMatch expression.
Close the file and save the changes.
Restart the Apache HTTP Proxy service.
systemctl restart httpd
Open the ESET Security Management Web Console (ESMC Web Console) in your web browser and log in. If the new agent is connecting, use it for future maintenance of the proxy machine.
In the ESMC Web Console click Policies → New Policy.
Type a Name for the policy.
Click Settings, select ESET Management Agent.
In the Connection section, next to Server connects to, click Edit server list.
In the Host field, type the applicable address (the address must match what the agent uses in the configuration) of your ESMC Server and click OK.
In the Policy settings drop-down menu, select Append.
Click Advanced Settings. In the HTTP Proxy section, select Different Proxy Per Service from the Proxy Configuration drop-down menu.
Next to Replication (to ESMC Server), click Edit.
Enable the Use proxy server. In the Host field, type the IP address of the proxy machine. In the Port field, leave the default value (3128), and click Save.
Click Finish to save the policy. Do not assign it to a computer yet.
Choose one computer that is connected via ERA Proxy and assign the new policy to that test client.
After a few minutes, verify the computer is still connecting to the ESMC Server.
Verify the client is connected to the ESMC Server. Continue upgrading the remaining clients.
Apply the policy from part III to the other computers connected via the ERA Proxy.
After the policy is applied, verify all clients are connecting to the ESMC Server.
Run a Security management Center Components Upgrade Task.
If all clients are connecting to the ESMC Server after the upgrade is finished, proceed to section V below.
Open the ESET Security Management Web Console (ESMC Web Console) in your web browser and log in.
Click Policies, select the applicable policy and click Edit.
In the Policy settings drop-down menu, select Replace.
Click Finish to save and apply the policy.
Remove the ERA Proxy Virtual Appliance (remove the virtual machine from the hypervisor).