Advertising the Goverlan Reach Server

Advertising the Goverlan Reach Server

To use GRS services, the implemented GRS must be advertised on your network. The GRS advertisement enforces that the configured policies and other services’ configuration are applied across all Goverlan software within your infrastructure (both Operator and Client side).

There are multiple ways to advertise a GRS as described below:

Method Description Pros & Cons
DNS Service Location Record This method is preferred for large environments where security is a concern. Global policies and audit log overwriting cannot be tampered with when using this method. Pros: Secure / Scalable / Fast distribution / Easy to maintain / Permanent

Cons: Requires DNS server access

See Advertising a GRS via DNS for instructions.

Group Policy Object Use this method when there is no access to the DNS configuration for the site. Pros: Scalable / Easy to maintain / Permanent

Cons: Not secure / Slow distribution / Requires GPO admin template access

See Advertising a GRS via Group Policies for instructions.

Manual Configuration via Registry Use this method in small environments or during an evaluation of Goverlan Services. Pros: No DNS/GPO access required / Quick configuration changes possible.

 

Cons: Not secure / No scalable / Not Permanent / Hard to maintain.

See Advertising a GRS Manually for instructions.

Advertising the Goverlan Reach Server via DNS

Your Goverlan Reach Server must be registered in DNS in order for clients to be aware of its existence. To register your server in DNS, you must create at least one Service Location Record (SRV) for it.

Create the Goverlan Service Location Record

The following describes how to create the Goverlan SRV DNS record using the Microsoft DNS MMC snap-in. If you do not use this tool, any other DNS Administration tool will do.

1. Open the DNS MMC Snap-in and set the container focus to the ROOT _tcp folder of your primary domain:

2. From the menu, select Action > Other New Records…, scroll down the list of resource types and select Service Location (SRV) and click on Create Record…

3.  Set the Service to _goverlanServer, the protocol to _tcp and configure the Port Number to 22100.

Finally, enter the full DNS name of the server which is hosting the Goverlan Reach Server.

Note:

22100 is the default port number used by Goverlan Reach Server. However, the port number is configurable in Goverlan Server Settings. Make sure that the port number configured in the DNS SRV record matches the port number used by the server.

4. Click on OK. Then click on Done.

Advertising the Goverlan Reach Server via GPO

An alternative to using DNS, is to use a Group Policy Object to publish the existence of your GRS server. Even though a GPO is a less secure way to publish your GRS, it is more practical. If security is less of a concern or if you have an internal system to protect your Group Policy settings then this is a good way to publish your GRS.

Note:

GPO configuration does not bypass a DNS configuration. If both a GPO and a DNS configuration exists, the DNS configuration takes precedence.

Configuration

Once you have installed the Goverlan GPO Template(C:\Program Files\Goverlan Reach Console 9\GPO Templates) open the Goverlan Global Policies > Goverlan Common Settings category and configure the Goverlan Reach Server Configuration setting:

The Goverlan Reach Server Configuration Policy is defined via a single string that represents a coma separated value list of server names and ports.

Format: Server1:PORT, Server2:PORT, ServerX:PORT

Validation

After performing a GPUPDATE /FORCE on your Console machine, you should see the Reach Server appear under Application > General Settings > Reach Server in the Goverlan Console.

The following Registry Key will be consumed by both the Goverlan Console and Goverlan Client Agents for the existence of a Goverlan Reach Server:
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Goverlan Inc\Global Policies\GCS

String Value Name: _gcs_v3_server_list

Value: FQDNofServer:PORT    Example:   myGRS.corp.local:22100

Advertising the Goverlan Reach Server Manually

Manual Configuration via the Goverlan Agent Manager

The Goverlan Agent Manager can be used to push a GRS configuration onto your machines. This tool is accessible from the Application menu of the Goverlan Reach Server (as well as Goverlan Operator software).

Using the Goverlan Agent Manager:

  1. Define the list of machines to be configured.
  2. Select them all and click on Push Agent Configuration > Manually Publish a Goverlan Reach Server.
  3. Enter the Goverlan Reach Server address and port and click on Apply.
NOTE:

The remote machines must be equipped with the Goverlan Client Agents to receive a configuration.

Manual Configuration via the Operator Configuration

The configuration of a Goverlan Reach Server can also be performed directly via the settings of the Goverlan Remote Control and Goverlan Management Console software.

NOTE:

If a GRS advertisement via DNS or GPO has been detected, you will not be able to manually configure an entry.

Select the Goverlan Reach Server section of the Application Settings window of the software and enter the network address of the GRS to use:

Deploying the Goverlan Software

Once the GRS is implemented and advertised, begin deploying the Goverlan software to the Operators and the Goverlan Client Agent to client machines (endpoints). All Goverlan software within the scope of the GRS’ advertisement will be under the influence of your server.

NOTE:

If you wish to use the GRS Goverlan Licensing Services, do so before deploying the Goverlan Operator software.

To pre-install the Goverlan Client Agents on a set of client machines, you can use the Goverlan Agent Manager. See Goverlan Client Agents Installation.

Was this article helpful?

Related Articles