After a network upgrade to improve our connections to our other locations, we have just built a KSC 11 (220.127.116.111) server and are now in the process of deploying Endpoint Security (18.104.22.16819) & Security 4 Windows Server (10.1.1.746). As well as the endpoint protection, we are looking to utilize the disk encryption, software management/patching and mobile device management.
Question 1: As we now have a decent network, what would be the better option for our larger offices?
- Slave Server on site
- Virtual server on the main KSC install for each location with a local distribution point on site
- Distribution points set off the KSC instance using Administrator Groups
Question 3: Am I right in thinking that external users will only need the following ports
- TCP 13000
- TCP 17000
- UDP 15000
- UDP 15111
- TCP 13292
- TCP 17100
Thanks in advance for any guidance