Device with Network Agent installed can be used as distribution point. In this mode, Network Agent can perform the following functions:
Distribute updates (these can be retrieved either from the Administration Server or from Kaspersky servers). In the latter case, the Download updates to the repositories of distribution points task must be created for the device serving as the distribution point.
Install software (including initial deployment of Network Agents) on other devices.
Poll the network to detect new devices and update information about existing ones. A distribution point can apply the same device discovery methods as the Administration Server.
Deployment of distribution points on an organization's network pursues the following objectives:
Reduce the load on the Administration Server if it functions as the update source.
Optimize internet traffic since, in this case, each device on the MSP client network does not have to access Kaspersky servers or the Administration Server for updates.
Provide the Administration Server access to devices behind the NAT (relative to the Administration Server) of the MSP client network, which allows the Administration Server to perform the following actions:
Send notifications to devices over UDP.
Poll the network.
Perform initial deployment.
A distribution point is assigned for an administration group. In this case, the distribution point's scope includes all devices within the administration group and all of its subgroups. However, the device acting as the distribution point does not have to be included in the administration group to which it has been assigned.
You can make a distribution point function as a connection gateway. In this case, devices in the scope of this distribution point will be connected to the Administration Server through the gateway, not directly. You can use this mode in scenarios that do not allow the establishment of a direct connection between devices with Network Agent and an Administration Server.
Devices functioning as distribution points must be protected, including physical protection, against any unauthorized access.