Is it possible to manage offline end point computers using the Single server installation? Basically we want to ensure laptops that go home, still receive the esm policy and force vpn to be used, but I think we may need a multi server installation (one server placed outside the corporate firewall) to accomplish this task. I know we could use esm "offline" if our clients use vpn, but we want to force them to use vpn if they are off our network and since we are using single server I am not sure if we can force them to use vpn if the esm client cannot communicate with the single server?

What would be the best approach to accomplish this task?