RM Gateway Configuration
The RM Gateway Configuration tab is used to configure the Off-Network Remote Management (ONRM) services which allow Desktop Authority to remotely control online computers that are currently disconnected from the corporate network. This feature extends the capabilities of the Desktop Authority Remote Management feature to support connecting to computers across networks.
NOTE: Desktop Authority’s Off-Network Support (ONS) feature, used to push configuration updates to computers while they are remote and disconnected from the corporate network, is not required for the Off-Network Remote Management feature to work. However, having Off-Network Support enabled provides the added benefit of being able to deploy the Remote Management client (Expert Assist) to both on and off-network computers that are joined to the corporate domain.
LAN Gateway Configuration
The LAN Gateway is used to transfer data between the Desktop Authority Console and Off-Network clients. The Host IP and Port specified here are read-only. They are the IP and Port that were specified during the installation of this feature through the Desktop Authority Installer or the DA Setup tool.
Internet Gateway Configuration
The Internet Gateway is a required component of the ONRM (Off-Network Remote Management) feature and is responsible for storing the external IP address and the port number used by remote RM clients while off-network. Optionally, the Internet Gateway can be installed on a machine with a public address and act as a proxy between the LAN Gateway and connections from external clients. However, for optimal performance, we strongly recommend the Internet Gateway be configured with the public/external IP address and Port of the network’s router. From there, Port Forwarding can be used to route the associated traffic from RM clients directly to the LAN Gateway service (by-passing the Internet Gateway).
Enabling Off-Network Remote Management from the DA Setup Tool (or during Installation)
The RM Gateway Configuration tab will only be visible in the Desktop Authority (DA) console if the Off-Network Remote Management feature was either enabled during the installation of Desktop Authority, or post-installation via the Desktop Authority Setup Tool.
If the RM Gateway is not visible, please go to the ONRM tab of the DA Setup Tool and enable the feature.
Downloading the Internet Gateway installation package
In order to configure the Off-Network Remote Management feature, the Internet Gateway application needs to be downloaded and installed.
From the Internet Gateway section of RM Gateway Configuration tab, click the Edit button then enter the requested internal/private Host IP and listening Port.
If you plan on installing the Internet Gateway on your Desktop Authority server, then just enter the IP for your Desktop Authority server and choose any open port.
Once the Internet Gateway’s internally accessible IP/Port is configured, click the Save & Download button. You will be directed to download and install the Gateway via an installation wizard.
The Internet Gateway install will be downloaded to your machine. If you will be installing it on another computer simply copy this file over to the other computer. Otherwise, you can run the installation right away.
Installing the Internet Gateway
1. Launch the Gateway installer and enter the target installation folder.
Click Next to continue.
2. Next, you will need to specify a public, external facing IP address. This will be used when a remote client is connecting into the corporate network. If there is no external facing (public) IP address attached to a network adapter on the Internet Gateway server, then the NAT option must be used to specify the public
IP address of your router (recommended for best performance).
3. Next, you must enter the TCP port that will be used by off-network RM clients when connecting back into the corporate network. Click Next to continue.
4. At this point you will be prompted to allow the Internet Gateway installer to create the necessary firewall entries for communication between the LAN and Internet Gateway services.
5. On the next page, click Next to confirm the installation. The installation will run and you will see an Installation Complete dialog when it is complete.
6. Once this process is complete, you MUST save and replicate these settings. Once the Gateway is installed you can come back to this tab to see the status of the Gateway.
Configuring Port Forwarding to the LAN Gateway
If the Internet Gateway was configured using the public address of a router, then the appropriate port forwarding must be done within the router’s configuration in order for the Off-Network Remote Management feature to work properly. Specifically, any traffic being received on the configured Gateway Access Point Port (selected during the installation of the Internet Gateway) must be forwarded to the Host IP address and port of the LAN Gateway.
In the above example, 220.127.116.11 is the public IP address of the router and off-network RM clients will attempt to connect using port 1531 on that IP address. Therefore port 1531 will need to be forward to 192.168.2.43:1528 (LAN Gateway) within this router’s configuration.
Internet Gateway Server
The Host IP address and Port shown here is the information about the server where the Internet Gateway is installed.
WAN-side (external) Gateway Access Point
The Host IP address and Port shown here is the information used by Off-Network clients to establish a connection from an outside network. This is the IP address and port used when installing the Internet Gateway.
NOTE: When using the Off-Network Remote Management (ONRM) feature it is highly recommended that you exclude all Quest installation folders from real-time AV/AM (Anti-virus/Anti-Malware) scans. Various AV/AM products have been known to drastically slow down and sometimes completely stop Desktop Authority processes (also potentially affecting the ExpertAssist remote management module).