This document explains how to transfer data and patch files manually from a Shavlik Protect Console on a Internet facing network, to a Protect Console on a Secure network with no internet connection using Write Once/Read Only Media . This procedure is used when data from re-writable media is not allowed to be copied to machines in a secure zone.
Setup a separate Distribution Share for Internet Connected and Offline Protect Consoles as a data file and patch repository
- Setup a separate shared folder for each security zone for the Internet Connected and offline facing consoles that is accessible from the console to be used as the path for Distribution Server configuration.
- Make sure that patch definitions downloads are scheduled so that current patch definitions are synced to the Distribution Server share
- Configure a Distribution Server on each console using the document, Configuring Authenticated SMB Distribution Servers.
- Configure the Distribution Server on the Connected Protect Console to Sync All engines, definitions, and patch downloads.
- Under Tools > Operations > Downloads on the Secure Network Protect Console, select the Specific Distribution Server for the "Definition download source" and the "Patch and Service Pack" download source.
Copy files to a DVD to be delivered to the Protect Console on the Secure Network
- Sync data files and patches to the Distribution Server share manually using information the document How To: Manually Synchronize Distribution Servers
- Burn contents of the Distribution Server Share from the Internet Connected Console to a write one DVD-R
- Walk the DVD-R to the Secure non-internet facing network and copy the contents to the Distribution Share on the Secure Network Protect Console
Using the copied files
After the data files and patches have been downloaded to the Secure Network Protect Console Distribution share, data files will be transferred to the correct folder when files are refreshed automatically during a scan or manually using Help > Refresh files. Patch downloads will go to the Downloads folder when the console requests a patch download during deployment.
This Procedure is simplified by using the existing Download folder as specified under Tools > Operations > Downloads as the Distribution Share for the internet console. This eliminates the need to sync the Patch downloads. You would only need to sync the Core engines/definitions and Threat engines/definitions if you are using agents.