How to secure communication between WAN agents and Desktop Central Server using Forwarding Server?

Description

This document explains the steps involved in securing the communication between the Desktop Central server and WAN agents installed in various remote locations through the Desktop Central Forwarding Server component, without exposing the Desktop Central Server to the internet. Follow the steps below to introduce Forwarding Server based communication to Desktop Central.

1. Step 1 : Desktop Central Server side settings
2. Step 2 : Install and Configure Forwarding server
3. Step 3 : Copying the Certificates
4. Step 4 : Infrastructure recommendations

Step 1 : Modify Desktop Central Settings

o Modify the Server Name to the Forwarding Server Public Address in the Remote Offices (this ensures that the WAN Agents and DS communicate with the Forwarding Server).
o Ensure Remote Offices are configured for HTTP secure communication.

Step 2 : Install and Configure Forwarding Server

o Download the Forwarding Server from the URL given below:
  https://www.manageengine.com/products/desktopcentral/dcforwardingserver.exe
o Start the installation process (double-click the EXE).
o Enter the Desktop Central Server Name, HTTP and HTTPS Port numbers and click Next.
   o DC Server Name : Specify the FQDN/DNS/IP address of the DC server.
   o DC HTTP Port : The port number that the forwarding server uses to contact the DC server (e.g. 8020).
   o DC HTTPS Port : The port number that the mobile devices use to contact the DC server (e.g. 8383; it is recommended to use the same port 8383 (HTTPS) for Desktop Central Server in secured mode).
o Ensure the certificate copy process discussed in 'Copying the Certificates' is followed properly and click Install to complete the installation process.

Step 3 : Copying the Certificates

Perform the sequence of operations as listed below:

o If you are using a Self Signed Certificate, follow the steps mentioned below:
   o Copy the server.crt and server.key files located on the Desktop Central Server under the ManageEngine\DesktopCentral_Server\apache\conf directory to the ManageEngine\DCForwardingServer\apache\conf directory on the computer where the Forwarding Server is installed.
o If you are using a Third Party Certificate, follow the steps mentioned below:
   o The Third Party Server Certificate has to be renamed as server.crt.
   o The private key has to be renamed as server.key.
   o If you are using an intermediate certificate, modify the file name to intermediate.crt.
   o Copy server.crt, server.key and the intermediate certificate and paste them in the location where the Forwarding Server has been installed: ManageEngine\DCForwardingServer\apache\conf\
   o Navigate to ManageEngine\DCForwardingServer\conf\websetting.conf and add the line: intermediate.certificate=intermediate.crt

Step 4 : Infrastructure Recommendation

You will have to follow the steps mentioned below:

1. Configure the Desktop Central server in such a way that it is reachable via a public IP/FQDN address. You can also configure the Edge Device/Router in such a way that all the requests that are sent to the Public IP/FQDN address get redirected to the Desktop Central Forwarding Server.
2. It is mandatory to use HTTP in secure mode for agent-server communication.
3. You will have to ensure that the following port is open on the firewall for the WAN agents to communicate with the Desktop Central Forwarding Server.

   Port       : 8383
   Type       : HTTPS
   Purpose    : For communication between the WAN agent/Distribution Server (DS) and the Desktop Central (DC) server using Forwarding Server (DCFS).
   Connection : Inbound to Desktop Central Server

You have now secured communication between the Desktop Central Forwarding Server and the WAN agents.
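
The Step 3 copy and the websetting.conf change can be scripted and checked on the Forwarding Server host. The PowerShell below is an added example, not ManageEngine code; the parameter names and the staging folder are assumptions, and only the file names, relative paths and the websetting.conf line come from the steps above.

```powershell
# Added example, not ManageEngine code. Run in an elevated session on the Forwarding Server host.
param(
    # Assumed staging folder holding server.crt, server.key (and intermediate.crt)
    [Parameter(Mandatory)] [string] $SourceDir,
    # Install folder whose path ends in ManageEngine\DCForwardingServer
    [Parameter(Mandatory)] [string] $ForwardingServerHome,
    # Set for a third-party certificate that comes with an intermediate certificate
    [switch] $UseIntermediate
)
$ErrorActionPreference = 'Stop'

$apacheConf = Join-Path $ForwardingServerHome 'apache\conf'
$webSetting = Join-Path $ForwardingServerHome 'conf\websetting.conf'
$names = @('server.crt', 'server.key')
if ($UseIntermediate) { $names += 'intermediate.crt' }

foreach ($name in $names) {
    $src = Join-Path $SourceDir $name
    $dst = Join-Path $apacheConf $name
    if (-not (Test-Path -LiteralPath $src -PathType Leaf)) {
        throw "Missing $src; rename the files as described in Step 3 first."
    }
    Copy-Item -LiteralPath $src -Destination $dst -Force
    # Confirm the installed copy is byte-identical to the staged file
    $srcHash = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) { throw "Hash mismatch after copying $name" }
    Write-Host "Copied $name (SHA256 $dstHash)"
}

# server.crt must parse as an X.509 certificate and must not be expired
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new((Join-Path $apacheConf 'server.crt'))
if ($cert.NotAfter -lt (Get-Date)) { throw "server.crt expired on $($cert.NotAfter)" }
Write-Host "server.crt: $($cert.Subject), valid until $($cert.NotAfter)"

if ($UseIntermediate) {
    $setting = 'intermediate.certificate=intermediate.crt'
    # Add the websetting.conf line only once, and start it on its own line
    if (-not (Select-String -LiteralPath $webSetting -SimpleMatch $setting -Quiet)) {
        $raw = Get-Content -LiteralPath $webSetting -Raw
        if ($raw -and -not $raw.EndsWith("`n")) { $setting = "`r`n$setting" }
        Add-Content -LiteralPath $webSetting -Value $setting
    }
}

# List who can read the private key so broad grants can be reviewed and tightened
(Get-Acl -LiteralPath (Join-Path $apacheConf 'server.key')).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Because server.key is the server's private key, delete the staged copy once the hashes match and keep read access on the installed file limited to administrators and the account the Forwarding Server runs under.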

Limitation

The current release of Desktop Central Forwarding Server does not yet support the following operations for the WAN agents: On-demand scan, Deploy Immediately, Remote control, Chat, Announcement, System Manager and Move Remote Office features.