EV Reach Gateway Service - Implementation
- Basic Configuration
- Implementing the Master EV Reach Server
- Network Configuration
- Server Services Authentication
- SQL Server Configuration
- About My Organization
- Publish Gateway configuration to all EV Reach operators via policies
- Enable Gateway Services on my machines
- Public Facing Reach Address
- Private Facing Reach Address
- EV Reach External Devices Repository
EV Reach Gateway Services are enabled via the EV Reach Server. The EV Reach Server is a software component that can be installed only on 64-bit Windows Server 2008 R2 or later.
Implementing an EV Reach infrastructure is done via the following 3 steps:
Basic Configuration
This configuration applies to corporate infrastructures and to software product vendors who want to support their products via On-Demand support sessions.
At least ONE Primary EV Reach Server must be installed on the private network where the EV Reach support operators are located.
This configuration allows for unattended access of any client computer equipped with the EV Reach Client Agent as well as attended access of any other computer via an On-Demand Reach session.
See the section Implementing the Master EV Reach Server.
Adding Support for Remote Client Sites
A Client Site configuration applies to IT Service Providers who wish to manage their customer sites with EV Reach Gateway Services. Client Sites can also be used by multi-site enterprise environments to extend Reach Services to them.
An optional Secondary EV Reach Server can be implemented at each client site for Policy and Auditing:
This configuration is defined under Enabling Remote Client Sites with Reach.
Implementing the Master EV Reach Server
Download and Install the EV Reach Server
The latest EV Reach Server can be downloaded by logging into my.goverlan.com, selecting the EV Reach Server tab and clicking on Download This Product.
Minimum System Requirements: The EV Reach Server software can be installed on any Windows Server 2008/Server 2008 R2 or later operating system with a minimum of 4GB of RAM and 200MB of available disk space.
Configure the EV Reach Server
Open the Server Configuration window and configure the following options:
Relationship
An EV Reach Server can be a primary server or a dependent server. The primary server is installed within the authoritative site (the site where EV Reach Operators reside). In the case of an MSP implementation, client-site EV Reach Servers will be dependent on the primary (covered later under Enabling Remote Client Sites with Reach).
For this master server, keep this setting as the Primary EV Reach Server.
Server Settings
Network Configuration
The port exposed on the internal side of the network used to provide EV Reach Server services to your internal machines is defined here. This port should be reachable by all of your machines within the private infrastructure.
The default port number is 22100.
Server Services Authentication
Enter the user ID and password that will be used to start the EV Reach Server and EV Reach Gateway Services.
This account needs to have the following privileges:
- Logon as a service permission
- Local Administrator permission on the server
- DB Creator right if using a MS SQL Server (Optional)
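One way to confirm the first two privileges before entering the account in the configuration window, as an added example that is not part of the vendor documentation. The account name is hypothetical, and the script assumes an elevated Windows PowerShell 5.1 session on the server.

```powershell
# Added example, not vendor code. 'CORPXYZ\svc-evreach' is a hypothetical account name.
# Run elevated: secedit needs administrative rights to export the user-rights policy.
function ConvertTo-Sid([string]$Name) {
    $nt = New-Object System.Security.Principal.NTAccount($Name)
    $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function Get-UserRightSids([string]$Right) {
    $inf = Join-Path $env:TEMP ('rights-{0}.inf' -f [guid]::NewGuid())
    try {
        secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
        $line = Get-Content $inf | Where-Object { $_ -match "^$Right\s*=" } | Select-Object -First 1
        if (-not $line) { return @() }                  # right is granted to nobody
        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            if ($entry.StartsWith('*')) { $entry.Substring(1) }    # "*S-1-5-..." is already a SID
            else { try { ConvertTo-Sid $entry } catch { } }        # bare account name
        }
    } finally { Remove-Item $inf -ErrorAction SilentlyContinue }
}

function Test-ReachServiceAccount([string]$Account) {
    $sid = ConvertTo-Sid $Account
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.SID.Value }
    [pscustomobject]@{
        Account            = $Account
        LogonAsService     = (Get-UserRightSids 'SeServiceLogonRight') -contains $sid
        LocalAdministrator = $admins -contains $sid
        # A deny entry overrides the grant and stops the services from starting.
        DeniedServiceLogon = (Get-UserRightSids 'SeDenyServiceLogonRight') -contains $sid
    }
}

Test-ReachServiceAccount 'CORPXYZ\svc-evreach'
```

Only direct grants and direct group membership are reported; a right inherited through a nested group shows as False here.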
Database Settings
By default, the EV Reach Server installer will automatically install a LocalDB database. This file-based database can accommodate medium-sized networks of up to 500 nodes. No further configuration is necessary for the LocalDB database.
For larger networks, use the EV Reach Server settings to switch to a MS SQL Server/Express instance for the database.
SQL Server Configuration
Change the database type to Microsoft SQL Server and enter the SQL Server details. The Service Account configured in Service Account Configuration is used when Windows Authentication is selected.
If SQL Authentication is required, change the authentication method and enter the SQL account credentials.
Gateway Configuration Steps
The EV Reach Gateway Service requires two TCP ports to be configured: one facing the inside of your network, and one exposed to the internet through your firewall.
The external TCP port will be used to communicate with external endpoints. Configure your external firewall with a PAT (Port Address Translation) or a NAT (Network Address Translation) rule that is directed at the EV Reach Server’s IP and configured external TCP port.
It is recommended that a friendly DNS name be assigned to the public IP address.
For example, reach.corpxyz.com would point to the external IP address of the firewall where the rule is configured.
Please refer to your router’s documentation for specific information regarding port forwarding.
About My Organization
Enter the name of your organization in this field (for instance ‘Corp XYZ, Inc.’). This name will be used during On-Demand Support Sessions to brand the package for the remote client. It will also be used as the default container for corporate clients that are connected from outside of your private network.
Publish Gateway configuration to all EV Reach operators via policies
Turn on this option to automatically configure the EV Reach Gateway section of the General Settings of all EV Reach operators via policies. This should be enabled most of the time on the primary EV Reach Server.
Enable Gateway Services on my machines
Enable this option to allow laptops within your organization to register automatically with the Gateway server once they are outside of the organization. This lets you manage these mobile users even when they are connected to a public network.
Turning off this option will prevent laptops from registering automatically with the Gateway server. You will still be able to support these users via On-Demand sessions.
Roaming Detection Method
Roaming may be configured in multiple ways.
Use Gateway's Private Facing Address (Default) - If the endpoint cannot contact the Private Facing Address, it will register as an external endpoint.
Use Active Directory for Domain Joined Machines - If the endpoint cannot contact a domain controller for its assigned domain, it will register as an external endpoint. Non-Domain endpoints will use the Gateway to determine their roaming status.
Public Facing Reach Address
Enter the Public DNS Name (or IP address if no DNS name has been configured) exposed to the public facing side of your network, as well as the port number to be used for communication.
Secure with Certificate
If a DNS name is configured, you can associate a public certificate with it. Associating a public certificate further secures the network connection between your clients and your Reach server by enforcing a TLS handshake.
For assistance configuring a TLS certificate for the server, see the section EV Reach Gateway and TLS.
It is strongly encouraged to associate an identity certificate to your Reach public facing address. See: Reach Security.
Private Facing Reach Address
Enter the FQDN or IP address of the local server, as well as the port number to be used for communication. This address will be used by EV Reach Operators within your network to communicate with the Reach Server.
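A check of the two Gateway addresses against the firewall rule, the default roaming method and the certificate recommendation above, as an added example that is not vendor code. The private host name and the public port are placeholders, and the script assumes the public listener starts TLS as soon as the connection opens.

```powershell
# Added example, not vendor code. Host names and ports in the final call are placeholders.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try { return ($client.ConnectAsync($HostName, $Port).Wait($TimeoutMs) -and $client.Connected) }
    catch { return $false }      # refused, unreachable or unresolvable
    finally { $client.Close() }
}

function Get-TlsStatus([string]$HostName, [int]$Port, [int]$WarnDays = 30) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        # Default validation: trusted chain and a certificate name matching $HostName.
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $days = [int]($cert.NotAfter - (Get-Date)).TotalDays
        [pscustomobject]@{ Valid = $true; Protocol = $ssl.SslProtocol; Subject = $cert.Subject
                           DaysLeft = $days; ExpiringSoon = ($days -lt $WarnDays) }
    } catch {
        [pscustomobject]@{ Valid = $false; Error = $_.Exception.GetBaseException().Message }
    } finally { $client.Close() }
}

function Test-ReachExposure {
    param([ValidateSet('Internal', 'External')][string]$Vantage,
          [string]$PrivateHost, [int]$PrivatePort, [string]$PublicHost, [int]$PublicPort)
    $privateOpen = Test-TcpPort $PrivateHost $PrivatePort
    $tls = Get-TlsStatus $PublicHost $PublicPort
    $findings = @()
    if ($Vantage -eq 'Internal' -and -not $privateOpen) {
        $findings += 'Private address unreachable from inside: internal endpoints would register as external.'
    }
    if ($Vantage -eq 'External' -and $privateOpen) {
        $findings += 'Private address reachable from outside: this endpoint would not register as external.'
    }
    if (-not $tls.Valid) { $findings += "Public address failed TLS validation: $($tls.Error)" }
    if ($tls.Valid -and $tls.ExpiringSoon) { $findings += "Public certificate expires in $($tls.DaysLeft) days." }
    [pscustomobject]@{ Vantage = $Vantage; PrivateOpen = $privateOpen; Tls = $tls; Findings = $findings }
}

# 22100 is the page's default internal port; 8443 and evreach01.corp.example are constructed.
Test-ReachExposure -Vantage External -PrivateHost 'evreach01.corp.example' -PrivatePort 22100 `
    -PublicHost 'reach.corpxyz.com' -PublicPort 8443
```

Run it once from a machine inside the private network with `-Vantage Internal` and once from a public network with `-Vantage External`; an empty `Findings` list in both runs matches the configuration this page describes.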
EV Reach External Devices Repository
The EV Reach Repository holds active Reach node registration records and is used to browse through the available external endpoints.
The Remove Stale Computer Records setting defines the number of days to wait before removing stale Reach node records. If an external endpoint has not communicated with the Reach server for the configured period, it is automatically removed from the repository.
You can also view and remove stale registrations from the EV Reach Server. Click on View Nodes in the ribbon bar, select Show Registered but disconnected nodes, select the disconnected registrations you wish to delete and click the Delete Records button. Alternatively, choose the Clean Records older than XX days option.
This section is irrelevant for On-Demand Only Reach implementations.
Advertising the EV Reach Server
To consume EV Reach Server services, the implemented EV Reach Server must advertise its existence on your network. The EV Reach Server advertisement ensures that the configured policies and Reach configuration are applied across all EV Reach software within your infrastructure (both Operator and Client side).
The EV Reach Server existence can be published using one of the following methods:
Start Your Engines
Once you have configured the EV Reach Server/REACH server, you are ready to start the services.
- Click on the Server Controls tab and click on Start.
- Click on the EV Reach REACH tab and click on Start the Server.