Connecting to Clients/Controls via a NetSupport Gateway
The primary role of a NetSupport Gateway is to facilitate seamless remote control between PCs that may both be located behind different Firewalls. The Gateway provides a stable and secure method for locating and connecting Clients/Controls via HTTP delivering web based remote control without the need for modifications to existing Firewall configurations.
Typically, companies protect their internal network by using a Firewall, only allowing connections if specific TCP/IP ports have been opened. On occasions you may find that a direct connection between a NetSupport Control and Client is blocked because the Firewall’s they are protected by are configured to prevent outgoing connections on all but the standard TCP/IP ports.
A NetSupport Gateway solves this problem by acting as a third party that sits between the Control and Client, the HTTP protocol, rather than TCP/IP, being used for communications.
Notes:
• Client and Control configurations can have both TCP/IP and HTTP enabled simultaneously thus ensuring that local connections are still valid.
• In version 9.10, Port 443 was introduced as the default for HTTP communications, 3085 being used previously. Gateway settings will be preserved for existing customers who subsequently upgrade, enabling 3085 to continue to be used, but there may be scenarios when upgraded Controls and Clients will need the HTTP Port manually reconfiguring to ensure compatibility.
Gateway Installation and Configuration
The Gateway is designed to run on a machine that is accessible from both the Client and Control. It must therefore have a fixed or static IP address.
The Gateway can be installed as a standalone component on the machine you wish to use, or along with other NetSupport components.
Note: You can also configure NetSupport to communicate via Proxy Servers if used.
To install the Gateway component you must select Custom when choosing the type of NetSupport Installation to perform.
You will also need to configure the properties for the Gateway, primarily the Port to use in communications and the encrypted Key for verifying connections from a Control or Client.
Gateway Configuration Utility
You can access the dialog at the end of the installation, when the dialog will appear automatically, or via the NetSupport Gateway icon which appears in the workstations system tray. Right-click on the icon and select Configure Gateway. The dialog can also be accessed from the Gateway Console select {File}{Configure Gateway} from the drop down menu. Alternatively, you can run the file Pcigwcfg.exe from the NetSupport Manager program folder.
Note: To display the Gateway icon in the system tray choose {Start}{Programs}{Startup}{NetSupport Manager Gateway Console}.
General Tab
Listening Port and Interfaces
Listen on all IP interfaces
The NetSupport Gateway uses HTTP Port 443 by default.
Note: If the Control and/or Client are located behind a firewall, you will need to enable Port 443 within your firewalls configuration.
Listen on specified IP interfaces
You can add multiple IP addresses or enter a specific IP address, select Add and enter the IP address.
Comms. Management Packet Interval
CMPI (secs):
When configured for Gateway connections, the Client workstation confirms it’s availability by periodically polling the Gateway. By default, a network packet is sent every 60 seconds but you can change this if required.
Event Log Files
Gateway activity during an active session is recorded in a text file, default GW001.LOG. This can be useful for checking which Clients and Controls have connected through the Gateway.
Location:
By default, the log file is stored in the NetSupport Manager program folder. i.e. c:\program files\netsupport\netsupport manager\GW001.log. Select Browse to specify an alternative path.
Max File Size (KB):
Over a period of time the log file could become quite large, you can manage this by specifying a maximum file size. When the limit is reached the existing information in the file is overwritten by the new records.
Note: For changes to the log file settings to take affect you will need to restart the Gateway32 service.
Keys Tab
Gateway Keys
This acts as a form of Security Key. The Gateway will not accept connections from a Control or Client unless a “Gateway key” is specified, and that same key is also present at both the Control and Client end. The Gateway can support multiple keys, at least one key must be specified.
Gateway key data is sent encrypted between Client/Control and the Gateway. Once connected to the Gateway all Client/Control security such as user names and security keys will function normally.
Select Add to specify the key. The Key must be at least 8 characters.
Operators Tab
Restrict remote control access to the following users:
To enhance the security you can restrict remote control access to specified users. At the Control a user will be required to configure a username/password in order to browse a Gateway and connect to Clients.
Once enabled select Add and enter the user details and set a password.
Redundancy Tab
Operate as secondary gateway
You can set up a secondary Gateway to take over when the primary Gateway is not available. The secondary Gateway will act as a backup and once the primary Gateway is available the Clients will switch back to this, but it will not disrupt any active remote control sessions.
Select this option if you wish to use this Gateway as a secondary Gateway.
Primary Gateway:
Enter the IP address of your primary Gateway.
Port:
The NetSupport Gateway uses HTTP Port 443 by default.
Licenses Tab
Displays all licenses stored in the NetSupport Manager directory, if you do not have an Internet connection you can manually activate your NetSupport Manager license here.
An activation code is required, contact NetSupport or your Reseller for this. Click Requires Activation and enter the code. You will then need to restart the Name Server.
Note: If an Internet connection is available the license will activate automatically and the Name Server does not need to be restarted.
To display the NetSupport Gateway icon in the system tray choose {Start}{Programs}{Startup}{NetSupport Manager Gateway Console}. Double-clicking the icon will display a status window listing any current activity through the Gateway. You can also access the Gateway Configuration Utility by right-clicking the icon and selecting Configure Gateway.
Note: You will need to note the IP address of the Gateway machine as this will be required when configuring the Control and Client machines. In addition, you will also need the address of your Proxy Server if this is to be used for routing communications.
Client Configuration
The Client machine needs to be configured to use the HTTP protocol and be given the appropriate Gateway access details.
1. From the Basic or Advanced Client Configurator select {Connectivity-HTTP}.
2. Check the Use HTTP box, Port 443 will be configured by default.
3. Confirm which Gateway to use by entering the IP address of the Gateway machine, you can specify a secondary Gateway, which will take over if the primary Gateway is unavailable.
4. Enter the appropriate Gateway Key as set at the Gateway machine.
5. NetSupport can be configured to route communications through a Proxy Server if required. Enter the server address and an appropriate Port, 8080 recommended.
6. You can override the Comms. Management Packet Interval that is set at the Gateway by entering a time here.
7. Click OK.
Control Configuration
As with the Client, HTTP also needs to be enabled at the Control.
1. From the Control Window drop down menu select {Network}{Configure}{Connectivity-HTTP}.
or
To apply the setting to a specific profile, choose {Tools}{Configurations} from the Control Window drop down menu. Select the required profile and choose Connectivity and Startup Settings.
2. Check the Use HTTP box, Port 443 is configured by default.
3. Click OK.
Add Gateways
The Control can communicate with multiple Gateways and the details of each need to be added at the Control end.
1. From the Control Window Tree View select the Gateway folder.
or
Select New from the Control Window toolbar.
2. Choose Add Gateway. The Add a Gateway wizard will appear.
3. Enter a Name and Description for the Gateway. Click Next.
4. Enter the IP Address of the machine where the Gateway is installed and confirm the Port number to use, 443 will be specified by default. If required enter a secondary Gateway to be used if the primary Gateway is unavailable. Click Next.
5. If this Gateway is to communicate through a Proxy Server enter the IP Address and Port to use. Click Next.
6. Enter the Gateway Key. This must match the Key set at the Gateway and Client end.
7. To restrict the use of browsing and controlling remote Clients, enter a username and password. Click Finish.
8. The new Gateway will be added to the list view.
9. Repeat the above process for any other Gateways that the Control needs to use.
Control-Gateway-Client Communications
Now that all the elements are in place, you are ready to attempt connections through the Gateway. The Gateway serves 3 basic purposes:
To receive and store Client registrations
For a Client to be available to a Control it must connect and stay connected to the Gateway. The Client indicates its readiness by periodically polling the Gateway that it has been configured to use. The Gateway stores the Client details in an internal table.
Respond to Browse commands from the Control
Once the Control has added the required Gateways it can Browse them for Clients. The Gateway responds by scanning through its list of available Clients and returning those that match the Browse criteria.
Note: Unlike a standard network Browse, where Known Client details are stored for future use, Gateway Client details are lost when the Control closes. This is because the details are maintained at the Gateway end. Although the Client is permanently connected to the Gateway, the Control is not and therefore needs to Browse the Gateway each time it wants to find Clients.
1. From the Internet Gateways folder in the Control Window Tree View select the required Gateway and double-click Browse Gateway. The Browse Gateway dialog will appear. Enter a partial Client name or leave blank to search for all available Clients.
or
Right-click on the Gateway name in the Tree View and select Open. This will automatically Browse for all available Clients.
2. Found Clients will appear in the List view and you can now connect and remote control them in the usual way.
Note: You can ask for a combined Network and Gateway Browse by selecting Browse from the Control Window Toolbar and checking the Include Gateway Clients box. All found Clients will appear in the Browse folder in the Tree View, the Gateway Clients will not be added to the Internet Gateway folder.
Pass all data between connected Controls and Clients
Although data is transferred between the connected Control and Client via the Gateway this will appear seamless and performance will not be affected.