I have an on-prem network , I have a VPN network and I have remote laptops that are leveraged off the VPN @ home.
It is common that devices can be taken home, connected to VPN, or be managed through Internet facing relays. In today’s Covid world the remote and moving asset is more and more apparent. This creates some challenges for the BigFix administrator when it comes to best "network neighbor practices".
For example, I want to restrict direct downloads when the device is on prem vs @ home.
Or I want to leverage persistent connections while at home, but not on prem.
Or I want to leverage remote downloads while the device is in VPN for external Microsoft patches, but I want to leverage a DMZ relay for customer specific configuration \ packages.
The challenge is the BigFix client is not aware of where it is, at every moment before it may proceed in making a download request. So there is a potential \ likely timing issue where the machine could download direct when on-perm; or download as though it was on-prem , but is really remote.
The nature of this request is to implement "network fencing \ download profiles". For example... Today in the smart home world, I can have my garage door open when I enter \ become within 200Ft of the house. I can have my lights turn on simultaneously when I enter the proximity. The logic can apply to network administration \ BigFix. So when I move to a home network, within proximity. I want the client to behave a certain way. When I move in proximity to the corporate network... I want the client to behave in a different way. The intent is to conserve and manage profiles based upon the "fence" the client has entered. This can apply to direct downloads , CPU allocations , Client network throttle settings , the use of Persistent connections, the list goes on and on. The key is the definition of the fence must be evaluated when the clients IP changes, and thus must be hooked @ that very point to decide what profile \ fence settings to apply. The settings (like direct download) need to be applied immediately before the client can begin a download.