Bomgar Appliance Guide

Bomgar Appliance Guide
Appliance Administration Guide
Base 3.2
© 2011 Bomgar Corporation. All Rights Reserved.
TC:2/1/2011
Thank you for using Bomgar.
At Bomgar, customer service is a top priority. Help us provide you with excellent service. If
you have any feedback, including any manual errors or omissions, please send an email to
feedback@bomgar.com.
Appliance Administration Guide Base 3.2
Appliance Administration Guide | Base 3.2
Table of Contents
The Bomgar Appliance
4
Bomgar Appliance Web Interface
5
Appliance Administrator Login Screen
6
Status > Basics
7
Status > Storage
8
Specific to the Bomgar B300 Appliance
8
Specific to the Bomgar B400 Appliance
8
Hardware Failure Notification (B300 and B400 Only)
8
My Account
9
Networking > IP Configuration
10
Networking > Static Routes
12
Networking > SNMP
13
Security > Certificates
14
Server Configuration
14
Certificates
15
Certificate Requests
16
Keys
17
Import
17
Security > Appliance Administration
18
Security > SSL Configuration
19
Security > Email Configuration
20
Support > Utilities
21
Support > Updates
22
Support > Advanced Support
23
Bomgar Appliance Comparison
24
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
3
TC:2/1/2011
Appliance Administration Guide Base 3.2
The Bomgar Appliance
Bomgar was the first to introduce an appliance-based approach to remote support. Our patented deployment model – the
Bomgar Appliance – is the most secure option for deploying remote support.
The Bomgar Appliance resides at your facility or data center, under your security measures. This deployment model offers more
control over security, giving you a safe way to integrate remote support with identity management and making it easy to
export reporting data and videos for a complete audit trail.
Anatomy of the Bomgar Appliance
The Bomgar Appliance uses two administrative web interfaces to isolate
hardware administration from user management, /appliance and /login.
Pictured: The Bomgar B300 Appliance
Appliance Administration
User Administration
Web Interface /appliance
Used for:
Web Interface /login
Used for:
l
Installing and configuring hardware
l
Managing users and workflows
l
Upgrading Bomgar software
l
Reporting on support activity
l
Creating and using integrations
Resource
The Bomgar Appliance Administration Guide
Resource
The Bomgar Administrative Guide
Using this Guide
For security reasons, Bomgar has separated administration of the appliance from user administration. While you can create
multiple administrative accounts for user administration, only one account is allowed for appliance administration.
Accordingly, this guide focuses exclusively on administration of the Bomgar Appliance. Information on user administration (the
/login web interface) can be found in the Bomgar Administrative Guide.
l
See "Bomgar Appliance Web Interface" on page 5 for information on configuring your appliance.
l
See "Bomgar Appliance Comparison" on page 24 to compare versions of the Bomgar Appliance.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
4
TC:2/1/2011
Appliance Administration Guide Base 3.2
Bomgar Appliance Web Interface
This guide is designed to help you administer the Bomgar Appliance through its /appliance web interface. The appliance
serves as the central point of administration and management for your Bomgar sites. Use this guide only after you have
performed the initial setup and configuration of the Bomgar Appliance. Should you need any assistance, please contact us tollfree at 1.866.205.3650 x2 or internationally at +01.601.519.0123 x2. You can also email us at support@bomgar.com.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
5
TC:2/1/2011
Appliance Administration Guide Base 3.2
Appliance Administrator Login Screen
After installation of the appliance, log into the Bomgar Box
administrative interface by going to your appliance’s public
URL followed by /appliance (ex.,
http://support.example.com/appliance).
Default Username: admin
Default Password: password
You will be prompted to change the administrative password
the first time you log in.1
Note: For security purposes, the administrative username and
password for the /appliance interface are distinct from those
used for the /login interface and should be managed
separately.
1 Passwords must be at least 8 characters in length and include each of the following: an uppercase letter, a lowercase letter, a number and a special symbol
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
6
TC:2/1/2011
Appliance Administration Guide Base 3.2
Status > Basics
The Basics page gives you information about your Bomgar Box
and allows you to monitor your system. You can also set your
local time to any valid global time zone. The system time will
always be displayed in UTC.
For companies with more than one site responding to one IP
address, select a default site to respond should someone enter
the IP address directly rather than the domain name. If more
than one DNS entry directs to this IP address and you select No
Default, an error message will appear if someone tries to
access your site by entering the IP address. This setting can
usually be left unchanged.
From this page, you can also reboot or shut down your Bomgar
Box. Although rebooting your appliance is not required, you
may want to make a monthly reboot part of your regular
maintenance. You do not need physical access to the
appliance in order to perform this reboot.
Please do not do the following unless instructed to do so by
Bomgar Support: Clicking the Reset Appliance to Factory
Defaults button will revert your Bomgar Box to its factory state.
This will completely remove all data, configuration settings,
support sites, and certificates from your appliance. Once the
Bomgar Box is reset, it will also power itself off.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
7
TC:2/1/2011
Appliance Administration Guide Base 3.2
Status > Storage
The Storage page displays the percentage of your Bomgar Box’s hard drive space that is in use.
If you enable all recording features on your support sites (session, presentation, and remote shell recordings) or if your overall
session count is high, it is common to see a higher amount of disk usage. Note that disk usage of 85-95% is NOT a cause for alarm.
If the hard drive should become low on disk space, the Bomgar Box is configured to automatically purge the oldest session
data and recycle that disk space for new session data.
Specific to the Bomgar B300 Appliance
The B300 uses a Redundant Array of Independent Disks to back up your data. RAID 6 is used to allow the appliance to lose up to
2 of its 4 drives without any data loss. In the event of a failure, remove the corrupted drive and contact Bomgar for a return
maintenance authorization and repair or replacement drive. When you replace the damaged drive, that drive will become
the hot spare. You do not need to power off the appliance when replacing drives.
Specific to the Bomgar B400 Appliance
The B400 has two sets of logical Redundant Array of
Independent Disks (RAID) disks. This RAID configuration includes
eight physical disk drives configured into two logical RAID
drives: A RAID 1 configuration that is logical disk 0, and a RAID 6
configuration that is logical disk 1.
If one of the RAID 1 or RAID 6 physical drives fail, no performance impact or data loss will occur. However, second drive failure
in the RAID 6 configuration will degrade performance, although it will not cause data loss.
Hardware Failure Notification (B300 and B400 Only)
The LEDs on your appliance also indicate your hard drives’ status. Normally, the LEDs will blink to indicate disk activity. Should a
hard drive fail, the LED will turn red and an audible alarm will warn you of the failure. The LED of the hot spare on which the data is
being rewritten will blink red until re-synchronization is complete. To turn off the alarm before the system is restored, click the
Silence Alarm button on this web interface.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
8
TC:2/1/2011
Appliance Administration Guide Base 3.2
My Account
Here, you can change the administrator username and
password. Bomgar recommends changing your password
regularly to insure protection against unauthorized access.
You can also select Reset Admin Account, which will restore a
site’s administrative username and password to the default
should the login be forgotten or need to be replaced.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
9
TC:2/1/2011
Appliance Administration Guide Base 3.2
Networking > IP Configuration
Companies with advanced network configurations can
configure multiple IP addresses on the appliance’s Ethernet
ports. Using multiple ports can enhance security or enable
connections over non-standard networks. For example, if
employees are restricted from accessing the Internet but
need to provide off-network support, use one port for your
internal private network and another for the public internet to
allow world-wide users to request support without breaching
your network security policies. The MTU can also be configured
per NIC. 1
For each NIC [network
interface card] on the
appliance, you can view and
verify transmission and
reception statistics.
Under the Global Network
Configuration section,
configure the hostname for
your Bomgar Box and assign a
default gateway per NIC.
Enter an IP address for up to three DNS servers. In the event
that these local DNS servers are unavailable, the Fallback to
OpenDNS Servers option enables the Bomgar Box to use
publicly available DNS servers from OpenDNS. For more
information about OpenDNS, visit www.opendns.com.
Allow your appliance to respond to pings if you wish to be able
to test if the host is functioning. Set the hostname or IP address
for a Network Time Protocol (NTP) server with which you wish
your Bomgar Box to synchronize. The default NTP server is
clock.bomgar.com.
By default, Bomgar uses ports 80 and 443, with 443 replicated
on port 8200. You can configure your appliance to dynamically
listen on multiple ports in order to access the web interface
through any port your desire. Note, however, that the
customer and representative clients are pre-built to run on the
default ports and cannot be modified through this interface.
From the Edit page of an IP address, choose whether that IP
should be enabled or disabled. When adding a new IP address,
you can also select the network port on which you would like
this IP to function. The IP Address field sets an address to which
your appliance can respond, while Subnet Mask enables
Bomgar to communicate with other devices.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
10
TC:2/1/2011
Appliance Administration Guide Base 3.2
For the default IP2 (169.254.1.1), the Telnet Server drop down provides three settings: Full, Simplified and Disabled, as detailed
below. These settings change the menu options of the telnet server that is available only on this private IP and that can be used
in emergency recovery situations. Since the telnet feature is specifically tied to the built-in private IP, it does not appear under
any other configured IP addresses.
Setting
Function
Full
Enables the telnet server with full functionality
Simplified
Allows four options: View FIPS Error, Reset to Factory Defaults, Shutdown and Reboot
Disabled
Completely disables the telnet server
For configured IP addresses, you can allow access to each IP from only the public site and customer client, from only the /login
and /appliance interfaces, or from both.
You can also install a unique SSL certificate for each IP address to avoid browser errors dealing with multiple hostnames.
Bomgar supports full certificate chains of any length. In the Public Certificate File field, upload the certificate for your
appliance’s immediate host. Although nothing will break if intermediate certificates are included in this public key file, any
additional certificates will be ignored.
The Intermediate Certificates File field enables you to upload multiple intermediate certificates between your appliance’s
certificate up to and including the root trust certificate. You can upload multiple intermediate certificates, all in one file or one
file per certificate.
Once you have successfully uploaded the certificate, you should see the details in the SSL Configuration section directly
above the upload fields.
Please do not do the following unless instructed to do so by Bomgar Support:Clicking the Revert to the Factory Default
Certificate button will reset this IP address’s certificate to Bomgar’s default certificate. Using the default certificate may result
in security warnings, as the default certificate will not match the hostname of your appliance.
1Because the Bomgar B100 Appliance has one NIC, IP configuration applies to the appliance rather than to multiple ethernet
ports. You may configure one or more IP address for your Bomgar Appliance. The MTU can also be configured.
2Do not delete or modify the default IP address.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
11
TC:2/1/2011
Appliance Administration Guide Base 3.2
Networking > Static Routes
Should a situation exist in which two networks are unable to talk to each other, you can establish a static route so that an
administrator with a computer on one network can connect through the Bomgar Box to a computer on the other network,
provided that the appliance is in a place where both networks can communicate with it individually.
Only advanced administrators should attempt to set up static routes.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
12
TC:2/1/2011
Appliance Administration Guide Base 3.2
Networking > SNMP
The Bomgar Appliance1 supports Simple Network Management Protocol (SNMP)2 monitoring for network, hard drive(s),
memory, and CPU statistics. This allows tools that collect availability and other statistics via the SNMP protocol to query the
Bomgar Appliance for monitoring purposes.
To enable SNMP for this appliance, select or check Enable SNMPv2. This enables a SNMPv2 server to respond to SNMP queries.
Enter a value for the System Location, the Read-Only Community Name, and the IP Restrictions, or IP addresses that are
allowed to query this appliance using SNMP. Note that if no IP addresses are entered, all hosts are granted access.
1SNMP is not available for the Bomgar B100 Appliance.
2Simple Network Management Protocol (SNMP) is an Internet-standard protocol used for monitoring and managing
networked devices. http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
13
TC:2/1/2011
Appliance Administration Guide Base 3.2
Security > Certificates
Support administrators can associate multiple security certificates with multiple IP addresses. The Certificates section under the
Security tab under /appliance enables administrators to define the relationship between a set of certificates and a set of IP
addresses.
Server Configuration
When you install the Bomgar Appliance, you will need to
navigate to the Server Configuration screen and configure a
security certificate. You have the option of a basic or
advanced server configuration.
Note: The Factory Default may be edited but not removed.
New Basic Configuration
If you have a Bomgar B100, or if you only want one IP address
associated with your Bomgar Appliance, you will need to use
the basic configuration to create a security certificate.
To create a new, temporary self-signed security certificate
with a basic configuration, simply provide a company name
and DNS address for the certificate.
This certificate will be automatically applied to all the IP
addresses configured on your appliance, overriding any
previously applied certificate.
New Advanced Configuration
If you have multiple IP addresses associated with your Bomgar
Appliance, you can use the advanced configuration to create
new security certificates.
You can associate each certificate with an IP address when
you create it, or you can create the certificate and edit it later.
For an advanced certificate configuration, administrators
need to provide a configuration name, assign the
configuration to a new or existing certificate and determine
which IP addresses will be associated with the certificate.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
14
TC:2/1/2011
Appliance Administration Guide Base 3.2
Certificates
To see a list of security certificates available on your Bomgar
Appliance, navigate to the Certificates screen.
Details for each certificate can be seen and edited by clicking
Details.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
15
TC:2/1/2011
Appliance Administration Guide Base 3.2
Certificate Requests
The Certificate Requests screen displays pending requests for
third-party-signed certificates.
Details for existing certificate request can be seen by selecting
the Details link.
To request a new certificate to be signed by a third party, click
New Request.
In the dialogue that follows, complete the details for the new
certificate and select Create Certificate Request.
Once you receive confirmation for the new certificate
request, you will need to navigate to the Import screen and
upload the new certificate.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
16
TC:2/1/2011
Appliance Administration Guide Base 3.2
Keys
Navigate to the Keys screen to view, export or delete the keys
associated with certificates on your appliance.
You may determine which details to include when exporting a
certificate.
Import
Navigate to the Import screen if you have received
confirmation for the new certificate request, or if you need to
upload an existing certificate or private key to the appliance.
Simply browse to the desired file and select Upload.
Once you have uploaded the certificate, you will be able to
edit its details and IP associations.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
17
TC:2/1/2011
Appliance Administration Guide Base 3.2
Security > Appliance Administration
You can restrict access to your appliance’s administrative
interface by setting network addresses that are or are not
allowed and by selecting the ports through which this interface
will be accessible.
You can also configure your appliance to send log messages
to an existing syslog server.1 Bomgar Box logs are sent using the
local0 facility.
1Syslog reporting is not available for the Bomgar B100 Appliance.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
18
TC:2/1/2011
Appliance Administration Guide Base 3.2
Security > SSL Configuration
Choose whether SSL version 2 and SSL version 3 should be
enabled or disabled. For optimum security, the Bomgar web
interface always defaults to SSLv3 before switching to SSLv2.
However, some older browsers only support up to SSLv2. If you
enable only SSLv3 and attempt to access your administrative
interface from an older browser which does not support SSLv3,
Bomgar will not allow you to log in. Enabling SSLv2 will allow you
to connect to your web interface from any computer,
regardless of browser version. Note that these settings only
affect connections to the web interface of your Bomgar Box
and that the support tunnel between your computer and your
customer’s computer is always encrypted with SSLv3.
Select which Ciphersuites should be enabled or disabled on
your Bomgar Box. Drag and drop Ciphersuites to change their
order of preference. Note that changes to Ciphersuites do not
take effect until the Save button is clicked. Managing
Ciphersuites is beneficial to companies who need to operate
in a FIPS environment.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
19
TC:2/1/2011
Appliance Administration Guide Base 3.2
Security > Email Configuration
Configure your SMTP relay server and set one or more administrative contacts so that your Bomgar Box can send you
automatic email notifications.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
20
TC:2/1/2011
Appliance Administration Guide Base 3.2
Support > Utilities
The Utilities section can be used for debugging network problems. If you are unable to establish a connection, these utilities may
help to determine the reason. Test the appliance’s DNS server to check that the hostname or IP address is resolving correctly.
Ping your Bomgar Box to test its network connectivity. You can also use the traceroute to view the path that packets take on
their journey from the appliance to any external system.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
21
TC:2/1/2011
Appliance Administration Guide Base 3.2
Support > Updates
Bomgar will notify you of the latest builds as they become
available. Whenever you receive notification that new update
packages have been built for your appliance, clicking the
Check for Updates button will locate the packages and make
them available for you to install.
If multiple software packages have been built for your
appliance, each one will be listed separately in the list of
available updates. Your new software is automatically
downloaded and installed when you click the appropriate
Install This Update button.
It is not mandatory to use this Check for Updatesfeature. If your
appliance is not internet-facing or if your organization’s security
policy does not allow for automatic update functionality, you
can receive updates by requesting that your Bomgar support
representative email you links to new software packages
directly.
After downloading a software package, browse to the file
from the Manual Installationsection, and then click the Update
Software button to complete the installation.
During the installation process, the Updates page will display a
progress bar to notify you of the overall update progress.
Updates made here will automatically update all sites and
licenses on your Bomgar Box.
Logged in representatives will temporarily lose connections to
any support sessions and the Bomgar Representative Console,
so schedule updates for non-peak hours.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
22
TC:2/1/2011
Appliance Administration Guide Base 3.2
Support > Advanced Support
The Advanced Support section gives you contact information for your Bomgar support team and also allows an applianceinitiated support tunnel back to Bomgar support, enabling quick resolution of complex issues.
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
23
TC:2/1/2011
Appliance Administration Guide Base 3.2
Bomgar Appliance Comparison
Virtual
Appliance
License Type
Enterprise Licensing
Capacity
Defined by Virtual
Infrastructure
Authentication
LDAP
B400
B300
B200
B100
Standard Licensing
Up to 1200
concurrent
technicians
Up to 300 concurrent
technicians
Up to 20 concurrent
technicians
Up to 5 concurrent
technicians
LDAP
RADIUS
Kerberos
Integration
API and SDK for Custom Integrations
API
Database integration and API Extraction Tool
Syslog Server Integration
Microsoft SQL Server
Redundancy
Defined by Virtual
Infrastructure
Dual processors
Dual processors
Single processor
Dual power supplies
Dual power supplies
Single power supply
RAID 1 & RAID 6 –
Eight physical drives
configured into two
logical RAID drives,
supports the loss of
up to three drives
without losing data
RAID 5 – three hard
drives and one hot
spare
Hard drive failure
notification
Failover capable
Hard drive failure
notification
Failover capable
Platform
Support
Windows 95-Win 7, Server 2003-2008 ; Windows Mobile 5.0 - 6.1
Mac OS X 10.3 - 10.6; Apple iOS 3.0+
BlackBerry OS 4.3 - 5.0
Linux: Ubuntu 9.04, 9.10; SLED 10, 11; RedHat Enterprise 4, 5; Fedora Core 11, 12
Jump
Technology
~1000 Jump Clients
[Depends on Virtual
Infrastructure]
Up to 6000 Jump
Clients
Up to 1000 Jump
Clients
Up to 1000 Jump
Clients
Up to 100 Jump
Clients
Deployment
Virtual Appliance
VMware :
• ESX 3.5/ESXi 3.5
• ESX4.0/ESXi4.0
• ESX4.1/ESXi4.1
2U rack-mountable
server 3.5 x 17.2 x 25.5
in., 55 lbs.
1U rack-mountable
server 1.7 x 17.2 x 26.7
in., 45 lbs.
1U rack-mountable
server 1.7 x 16.7 x 14
in., 17.5 lbs.
Desktop-Sized
Appliance
Compatible with
Atlas Deployments
Compatible with
Atlas Deployments
© 2011 Bomgar Corporation. All Rights Reserved.
www.bomgar.com | feedback@bomgar.com | 866.205.3650
24
TC:2/1/2011
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising