How to secure communication between WAN agents and Desktop Central

How to secure communication between WAN agents and Desktop Central
How to secure communication between
WAN agents and Desktop Central Server
using Forwarding Server?
Description
This document will explain you the steps involved in securing the communication
between the Desktop Central server and WAN agents which are installed in
various remote locations through Desktop Central Forwarding Server component
without exposing Desktop Central Server to the internet.
You need follow the below steps to introduce Forwarding Server based
communication to Desktop Central.
1. Step 1 : Desktop Central Server side settings
2. Step 2 : Install and Configure Forwarding server
3. Step 3 : Copying the Certificates
4. Step 4 : Infrastructure recommendations
Step 1 : Modify Desktop Central Settings

Modify the Server Name to Forwarding Server Public Address in the
Remote Offices (Basically to ensure the WAN Agents and DS
Communication to Forwarding server)

Ensure Remote Offices are configured for HTTP secure communication.
Step 2 : Install and Configure Forwarding Server

Download the Forwarding Server from the URL given below
https://www.manageengine.com/products/desktopcentral/dcforwardingserver.exe

Start the installation process (Double click the EXE)

Enter the Desktop Central Server Name, HTTP and HTTPS Port numbers
and click Next
o
DC Server Name : Specify the FQDN/DNS/IP address of the DC
server
o
DC HTTP Port : The port number that the forwarding server uses to
contact the DC server (ex:8020)
o
DC HTTPS Port : The port number that the mobile devices use to
contact the DC server (ex:8383 - it is recommended to use the same
port 8383(HTTPS) for Desktop Central Server in secured mode).

Ensure the Certificate copy process discussed in ‘Copying the Certificate’ is
followed properly and click install to complete the installation process.
Step 3 : Copying the Certificates
Perform the sequence of operations as listed below:

If you are using Self Signed Certificate, follow the steps mentioned below:
o
Copy the server.crt and server.key files located in Desktop Central
Server under ManageEngine\DesktopCentral_Server\apache\conf
directory to the ManageEngine\DCForwardingServer\apache\conf
directory in the computer where Forwarding Server is installed
o
If you are using Third Party Certificate, follow the steps mentioned below:
o
Third Party Server Certificate has to be renamed as server.crt
o
Private key has to be renamed as server.key
o
If you are using an intermediate certificate, modify the file name as
intermediate.crt
o
Copy the server.crt, server.key and the intermediate certificate and
paste it in the location where the forwarding server has been installed
- ManageEngine\DCForwardingServer\apache\conf\
o
Navigate to
ManageEngine\DCForwardingServer\conf\websetting.conf and add
the line: intermediate.certificate=intermediate.crt
Step 4 : Infrastructure Recommendation
You will have to follow the steps mentioned below:
1. Configure Desktop Central server in such a way, that it should be reachable
via public IP/FQDN address. You can also configure the Edge
Device/Router in such a way that all the request that are sent to the Public
IP/FQDN address gets redirected to the Desktop Central Forwarding Server.
2. It is mandatory to use HTTP in secure mode for agent server communication
3. You will have to ensure that the following port is open on the firewall for the
WAN agents to communicate the Desktop Central Forwarding Server.
Port Type
Purpose
Connection
For communication between the WAN
8383 HTTPS
agent/Distribution Server (DS) and the Desktop
Inbound to
Central (DC) server using Desktop Central
Server
Forwarding Server (DCFS).
You have now secured communication between the Desktop Central Forwarding
server and the WAN agents.
Limitation
This current release of Desktop Central Forwarding Server is yet to support the
following operations for the WAN agents. On-demand scan, Deploy Immediately,
Remote control, Chat, Announcement, System Manager and Move Remote Office
features.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising