What Is The Relegation Gateway Service In Services

Goverlan Reach Gateway Services are enabled via the Goverlan Reach Server (GRS). The Goverlan Achieve Server is a software component that can be installed on 64-bit only Windows Server 2008 R2 or later.

Implementing a Goverlan Accomplish infrastructure is done via the following iii steps:

Basic Configuration

This configuration applies to corporate infrastructures and to software production vendors who want to support their products via On-Demand support sessions.

At least ONE Master GRS must be installed on the private network where the Goverlan back up operators are located.

This configuration allows for unattended access of any customer reckoner equipped with the Goverlan Attain Client Amanuensis as well as attended access of whatsoever other reckoner via an On-Demand Accomplish session.

This configuration is defined under Implementing the Master GRS.

Adding Support for Remote Client Sites

A Client Site configuration applies to It Service Providers who wish to manage their client sites with Goverlan Achieve Gateway Services. Client Sites can also be used by multi-site enterprise environments to extend Reach Services to them.

An optional Secondary GRS can exist implemented at each client site for Policy and Auditing:

This configuration is defined under Enabling Remote Client Sites with Reach.

Implementing the Primary GRS

Download and Install the GRS

The latest Goverlan Attain Server can be downloaded by logging into my.goverlan.com, selecting the Goverlan Reach Server tab and clicking on Download This Production.

Minimum System Requirements: The Goverlan Reach Server software tin be installed on whatever Windows Server 2008/Server 2008 R2 or later operating arrangement with a minimum of 4GB of RAM and 200MB of available disk space.

Configure the Goverlan Accomplish Server

Open the Server Configuration window and configure the post-obit options:

Relationship

A GRS tin be a primary server or a dependent server. The primary server is installed within the administrative site (the site where Goverlan Operators reside). In the case of a MSP implementation, customer-site GRS'southward will be dependent on the principal (covered subsequently under Enabling Remote Client Sites with Reach).

For this primary server, keep this setting as the Primary Goverlan Reach Server.

Server Settings

Network Configuration

The port exposed on the internal side of the network used to provide GRS services to your internal machines is defined here. This port should be reachable by all of your machines inside the private infrastructure.

The default port number is 22100.

Server Services Authentication

Enter the user ID and countersign that volition be used to outset the Goverlan Achieve Server and Goverlan Accomplish Gateway Services.

This account needs to take the following privileges:

Logon as a service permission
Local Administrator permission on the server
DB Creator correct if using a MS SQL Server (Optional)

Database Settings

By default, the GRS installer will automatically install a LocalDB database. This file-based database tin adapt medium sized networks of up to 500 nodes. No further configuration is necessary for the LocalDB database.

For larger networks, use the GRS settings to switch to a MS SQL Server/Express instance for the database.

SQL Server Configuration

Change the database type to Microsoft SQL Server and enter the SQL Server details. The Service Account configured in Service Account Configuration is used when Windows Authentication is selected.

If SQL Hallmark is required, modify the hallmark method and enter the SQL business relationship credentials.

Gateway Configuration Steps

The Goverlan Reach Gateway Service requires two TCP ports to be configured. Ane which is facing the inside of your network, and ane that is exposed to the internet through your firewall.

The external TCP port will exist used to communicate with external endpoints. Configure your external firewall with a PAT (Port Address Translation) or a NAT (Network Address Translation) rule that is directed at the Goverlan Reach Server's IP and configured external TCP port.

It is recommended that a friendly DNS name be assigned to the public IP accost.

For Example: reach.corpxyz.com would point to the external IP address of the firewall where the dominion is configured.

Delight refer to your router'due south documentation for specific information regarding port forwarding.

Note

Make sure that the Windows firewall allows all of the configured TCP ports used by the GRS and the Gateway Services.

Gateway Configuration

About My Organization

Enter the name of your organization in this field (for instance 'Corp XYZ, Inc.'). This proper name volition be used during On-Demand Support Sessions to brand the package for the remote customer. It will too be used equally the default container for corporate clients that are connected from exterior of your private network.

Publish Gateway configuration to all Goverlan operators via policies

Turn on this choice to automatically configure the Goverlan Reach Gateway section of the General Settings of all Goverlan operators via policies. This should be enabled most of the fourth dimension on the chief Goverlan Accomplish Server.

Enable Gateway Services on my machines

Enable this option to enable laptops within your organization to automatically register with the Gateway server one time they are outside of the organization. This enables yous to manage these mobile users even when they are connected to a public network.

Turning off this option volition foreclose laptops from registering automatically with the Gateway server. You will withal be able to support these users via On-Need sessions.

Roaming Detection Method

Roaming may be configured in multiple ways.

Use Gateway's Private Facing Address (Default) –If the endpoint cannot contact the Private Facing Address, it volition annals as an external endpoint.

Apply Active Directory for Domain Joined Machines –If the endpoint cannot contact a domain controller for its assigned domain, it will register as an external endpoint. Not-Domain endpoints will use the Gateway to determine their roaming condition.

Public Facing Reach Address

Enter the Public DNS Proper noun (or IP address if no DNS proper noun has been configured) exposed to the public facing side of your network, as well as the port number to be used for advice.

Secure with Certificate

In the event that a DNS proper noun is configured, you lot can associate a public certificate with it. Associating a public certificate will further secure the network connection betwixt your clients to your Reach server past enforcing a TLS handshake.

For assistance configuring a TLS certificate for the server, see Goverlan Accomplish Gateway and TLS.

Information technology is strongly encouraged to associate an identity certificate to your Achieve public facing address. See: Reach Security.

Private Facing Achieve Accost

Enter the FQDN or IP address of the local server, as well as the port number to exist used for communication. This accost will exist used past Goverlan Operators within your network to communicate with the Attain Server.

Note

For security reasons, Goverlan Operators tin only use Achieve Services when connected on the same network as the Private Facing Attain Address.

Goverlan Attain External Devices Repository

The Goverlan Reach Repository holds active Reach node registration records and is used to browse through the bachelor external endpoints.

The Remove Stale Calculator Records setting defines the number of days to wait earlier removing stale Achieve node records. If an external endpoint has not communicated with the Reach server for the configured period, information technology is automatically removed from the repository.

You can also view and remove stale registrations from the Goverlan Reach Server. Click on View Nodes in the ribbon bar, select Show Registered but disconnected nodes, select the disconnected registrations you wish to delete and click the Delete Records push button. Or cull the Make clean Records older than Twenty days option.

This section is irrelevant for On-Need Merely Reach implementations

Advertising the Goverlan Attain Server

To swallow GRS services, the implemented GRS must advertise its existence on your network. The GRS ad enforces that the configured policies and Reach configuration is practical beyond all Goverlan software inside your infrastructure (both Operator and Customer side).

The GRS beingness can be published using one of the post-obit methods:

Via a DNS Service Location Record
Via a Group Policy Object
Manual configuration (for testing)

Please refer to the GRS User Guide Instruction folio explaining these methods.

First Your Engines

Once yous have configured the GRS/REACH server, you are ready to kickoff the services.

Click on theServer Controls tab and click onStart.
Click on the Goverlan Attain tab and click onStart the Server.