4 Replies Latest reply on May 29, 2013 10:49 AM by georged

    Cloud Gateway Test

    georged Apprentice

      I am trying to test the cloud gateway appliance. Does it require a valid SSL cert, or can I use a self-signed cert for now?

        • 1. Re: Cloud Gateway Test
          MarXtar ITSMMVPGroup

          It uses its own, although it can use third party.

           

          Mark McGinn

          MarXtar Ltd/MarXtar Corporation

          http://landesk.marxtar.co.uk

          LANDesk Expert Solution Provider

           

           

          The One-Stop Shop for LANDesk Enhancements

          - Wake-On-WAN - Distributed Wake-On-LAN, Scheduled Power Down, and SWDist Sequencing

          - State Notifier - Real-Time Device & User State Inventory Updating & Alerting

          Update - New Stand-Alone State Notifier Console for Service Desk Operators

          Update - State Notifier now detects machine and user Idle states

          Update - WoW & State Notifier now integrate for even more functionality

          • 2. Re: Cloud Gateway Test
            georged Apprentice

            So I'm a little confused about what is happening with the cloud gateway.

            After a fresh install I have a self-signed certificate called ldgateway.myexternal.domain

            When I browse to https://ldgateway.myexternal.domain I get the gateway page with a cert error.

            The core server has certificate mycoreserver.myinternal.domain

            When I link the core server to the ldgateway, the mycoreserver.myinternal.domain private key? gets pushed to the ldgateway?

            Do the client agents all have the associated mycoreserver.myinternal.domain public key?

            What URL are the clients connecting to?

            Do I need the ldgateway webpage? I don't really want it, and I'm not thrilled that management is available from the outside. Can this be disabled?

            On the ldgateway, what are the multiple hostname options for? Should I be using a wildcard or Unified Communications cert?

            Can I secure the ldgateway.myexternal.domain with a valid certificate?

            • 3. Re: Cloud Gateway Test
              MarXtar ITSMMVPGroup

              All good questions

               

              I'll try to answer some:

               

              Q: do the client agents all have the associated mycoreserver.myinternal.domain public key?

               

              For a client to communicate you must first assign it a certificate. You can do this by manually running brokerconfig.exe from the machine or by targeting it via the provided manage script. This runs brokerconfig.exe -r and only works on machines that can see the core server directly. Take a look at the management gateway landing pages for more info, but this ultimately means each machine gets its own certificate and you could 'if you wanted' disable communication for an individual machine.

               

              Q : what url are the clients connecting to?

               

              Clients connect to whatever you have entered as the public name for the gateway. This could be just the IP if you wanted, but normally this would be a publicly resolvable host name.

               

              Q: do i need the ldgateway webpage? i don't really want it, and i'm not thrilled that management is available from the outside? can this be disabled?

               

              No, you don't need it. Quite often customers just forward port 443 to the gateway so that the port 80 page is not available.

               

              Q: on the ldgateway, what are the multiple hostname options for?

               

              A gateway can support multiple cores, and this means clients may be configured to report/connect in different ways, or it may simply be that a naming convention got changed at some point. Simply add in here all variations you want it to respond to (including your standard internal and external names).

               

              Q: can i secure the ldgateway.myexternal.domain with a valid certificate?

               

              Yes, although most don't feel the need. Get things working with the standard method first before you delve into the joys of third party certs.

               

              A couple of quick tips. Don't get too involved in trying to lock the system down until you have it functional. All too often I've had to try to reverse-engineer a customer's security setup just to prove there isn't a problem with the gateway but that an over-enthusiastic security guy closed off things he felt were 'unimportant'. I like to have everything open in/out of the gateway and disable its firewall just to get the communication/connection proven (and even just to get a ping back to show something is there!). Once that works I will then start to introduce back the security. Quite often the settings within the gateway's own firewall will be stopping things, so don't assume it should always stay on.

               

              Hope it helps.

               


              • 4. Re: Cloud Gateway Test
                georged Apprentice

                Thanks, that was extremely good information.