EV Reach Server - Configuration - Advertising the Server

Last modified on 2023/07/12 14:03
Contents

To use EV Reach Server services, the implemented EV Reach Server must be advertised on your network. The EV Reach Server advertisement enforces that the configured policies and other services’ configuration are applied across all EV Reach software within your infrastructure (both Operator and Client side).

There are multiple ways to advertise a EV Reach Server as described below:

MethodDescriptionPros & Cons
DNS Service Location RecordThis method is preferred for large environments where security is a concern. Global policies and audit log overwriting cannot be tampered with when using this method.Pros: Secure / Scalable / Fast distribution / Easy to maintain / Permanent

Cons: Requires DNS server access

See Find out more for instructions.

Group Policy ObjectUse this method when there is no access to the DNS configuration for the site.Pros: Scalable / Easy to maintain / Permanent

Cons: Not secure / Slow distribution / Requires GPO admin template access

See Find out more for instructions.

Manual Configuration via RegistryUse this method in small environments or during an evaluation of EV Reach Services.Pros: No DNS/GPO access required / Quick configuration changes possible.

 

Cons: Not secure / No scalable / Not Permanent / Hard to maintain.

See Find out more for instructions.

Advertising the EV Reach Server via DNS

Your EV Reach Server must be registered in DNS in order for clients to be aware of its existence. To register your server in DNS, you must create at least one Service Location Record (SRV) for it.

Create the EV Reach Service Location Record

The following describes how to create the EV Reach SRV DNS record using the Microsoft DNS MMC snap-in. If you do not use this tool, any other DNS Administration tool will do.

1. Open the DNS MMC Snap-in and set the container focus to the ROOT _tcp folder of your primary domain:

dns-srv.jpg

2. From the menu, select Action > Other New Records..., scroll down the list of resource types and select Service Location (SRV) and click on Create Record...

dns-srv-2.jpg

3.  Set the Service to _goverlanServer, the protocol to _tcp and configure the Port Number to 22100.

Finally, enter the full DNS name of the server which is hosting the EV Reach Server.

Note: 22100 is the default port number used by EV Reach Server. However, the port number is configurable in EV Reach Server Settings. Make sure that the port number configured in the DNS SRV record matches the port number used by the server.

dns-srv-3.jpg

4. Click on OK. Then click on Done.

Advertising the EV Reach Server via GPO

An alternative to using DNS, is to use a Group Policy Object to publish the existence of your EV Reach Server server. Even though a GPO is a less secure way to publish your EV Reach Server, it is more practical. If security is less of a concern or if you have an internal system to protect your Group Policy settings then this is a good way to publish your EV Reach Server.

Note: GPO configuration does not bypass a DNS configuration. If both a GPO and a DNS configuration exists, the DNS configuration takes precedence.

Configuration

Once you have installed the EV Reach GPO Template(C:\Program Files\EV Reach Console 9\GPO Templates) open the EV Reach Global Policies > EV Reach Common Settings category and configure the EV Reach Server Configuration setting:

grs-gpo.jpg

The EV Reach Server Configuration Policy is defined via a single string that represents a coma separated value list of server names and ports.

Format: Server1:PORT, Server2:PORT, ServerX:PORT

Validation

After performing a GPUPDATE /FORCE on your Console machine, you should see the Reach Server appear under Application > General Settings > Reach Server in the EV Reach Console.

The following Registry Key will be consumed by both the EV Reach Console and EV Reach Client Agents for the existence of a EV Reach Server: Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Goverlan Inc\Global Policies\GCS

String Value Name: _gcs_v3_server_list

Value: FQDNofServer:PORT    Example:   myGRS.corp.local:22100

grs-reg.jpg

Advertising the EV Reach Server Manually

Manual Configuration via the EV Reach Agent Manager

The EV Reach Agent Manager can be used to push a EV Reach Server configuration onto your machines. This tool is accessible from the Application menu of the EV Reach Server (as well as EV Reach Operator software).

Using the EV Reach Agent Manager:

  1. Define the list of machines to be configured.
  2. Select them all and click on Push Agent Configuration > Manually Publish a EV Reach Server.
  3. Enter the EV Reach Server address and port and click on Apply.

Note: The remote machines must be equipped with the EV Reach Client Agents to receive a configuration.

Manual Configuration via the Operator Configuration

The configuration of a EV Reach Server can also be performed directly via the settings of the EV Reach Remote Control and EV Reach Management Console software.

Note: If a EV Reach Server advertisement via DNS or GPO has been detected, you will not be able to manually configure an entry.

Select the EV Reach Server section of the Application Settings window of the software and enter the network address of the EV Reach Server to use:

image32-7.png

Deploying the EV Reach Software

Once the EV Reach Server is implemented and advertised, begin deploying the EV Reach software to the Operators and the EV Reach Client Agent to client machines (endpoints). All EV Reach software within the scope of the EV Reach Server’ advertisement will be under the influence of your server.

Note: If you wish to use the EV Reach Server Licensing Services, do so before deploying the EV Reach Operator software.

To pre-install the EV Reach Client Agents on a set of client machines, you can use the EV Reach Agent Manager. See EV Reach Client Agents Installation.

Tags:
Powered by XWiki © EasyVista 2022