Advertising the Goverlan Reach Server
To use GRS services, the implemented GRS must be advertised on your network. The GRS advertisement enforces that the configured policies and other services’ configuration are applied across all Goverlan software within your infrastructure (both Operator and Client side).
There are multiple ways to advertise a GRS as described below:
| Method | Description | Pros & Cons |
| DNS Service Location Record | This method is preferred for large environments where security is a concern. Global policies and audit log overwriting cannot be tampered with when using this method. | Pros: Secure / Scalable / Fast distribution / Easy to maintain / Permanent Cons: Requires DNS server access See Advertising a GRS via DNS for instructions. |
| Group Policy Object | Use this method when there is no access to the DNS configuration for the site. | Pros: Scalable / Easy to maintain / Permanent Cons: Not secure / Slow distribution / Requires GPO admin template access See Advertising a GRS via Group Policies for instructions. |
| Manual Configuration via Registry | Use this method in small environments or during an evaluation of Goverlan Services. | Pros: No DNS/GPO access required / Quick configuration changes possible.
Cons: Not secure / No scalable / Not Permanent / Hard to maintain. See Advertising a GRS Manually for instructions. |
Advertising the Goverlan Reach Server via DNS
Your Goverlan Reach Server must be registered in DNS in order for clients to be aware of its existence. To register your server in DNS, you must create at least one Service Location Record (SRV) for it.
Create the Goverlan Service Location Record
The following describes how to create the Goverlan SRV DNS record using the Microsoft DNS MMC snap-in. If you do not use this tool, any other DNS Administration tool will do.
1. Open the DNS MMC Snap-in and set the container focus to the ROOT _tcp folder of your primary domain:
2. From the menu, select Action > Other New Records…, scroll down the list of resource types and select Service Location (SRV) and click on Create Record…
3. Set the Service to _goverlanServer, the protocol to _tcp and configure the Port Number to 22100.
Finally, enter the full DNS name of the server which is hosting the Goverlan Reach Server.
22100 is the default port number used by Goverlan Reach Server. However, the port number is configurable in Goverlan Server Settings. Make sure that the port number configured in the DNS SRV record matches the port number used by the server.
4. Click on OK. Then click on Done.
Advertising the Goverlan Reach Server via GPO
An alternative to using DNS, is to use a Group Policy Object to publish the existence of your GRS server. Even though a GPO is a less secure way to publish your GRS, it is more practical. If security is less of a concern or if you have an internal system to protect your Group Policy settings then this is a good way to publish your GRS.
GPO configuration does not bypass a DNS configuration. If both a GPO and a DNS configuration exists, the DNS configuration takes precedence.
Configuration
Once you have installed the Goverlan GPO Template(C:\Program Files\Goverlan Reach Console 9\GPO Templates) open the Goverlan Global Policies > Goverlan Common Settings category and configure the Goverlan Reach Server Configuration setting:
The Goverlan Reach Server Configuration Policy is defined via a single string that represents a coma separated value list of server names and ports.
Format: Server1:PORT, Server2:PORT, ServerX:PORT
Validation
After performing a GPUPDATE /FORCE on your Console machine, you should see the Reach Server appear under Application > General Settings > Reach Server in the Goverlan Console.
The following Registry Key will be consumed by both the Goverlan Console and Goverlan Client Agents for the existence of a Goverlan Reach Server:
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Goverlan Inc\Global Policies\GCS
String Value Name: _gcs_v3_server_list
Value: FQDNofServer:PORT Example: myGRS.corp.local:22100
Advertising the Goverlan Reach Server Manually
Manual Configuration via the Goverlan Agent Manager
The Goverlan Agent Manager can be used to push a GRS configuration onto your machines. This tool is accessible from the Application menu of the Goverlan Reach Server (as well as Goverlan Operator software).
Using the Goverlan Agent Manager:
- Define the list of machines to be configured.
- Select them all and click on Push Agent Configuration > Manually Publish a Goverlan Reach Server.
- Enter the Goverlan Reach Server address and port and click on Apply.
The remote machines must be equipped with the Goverlan Client Agents to receive a configuration.
Manual Configuration via the Operator Configuration
The configuration of a Goverlan Reach Server can also be performed directly via the settings of the Goverlan Remote Control and Goverlan Management Console software.
If a GRS advertisement via DNS or GPO has been detected, you will not be able to manually configure an entry.
Select the Goverlan Reach Server section of the Application Settings window of the software and enter the network address of the GRS to use:
Deploying the Goverlan Software
Once the GRS is implemented and advertised, begin deploying the Goverlan software to the Operators and the Goverlan Client Agent to client machines (endpoints). All Goverlan software within the scope of the GRS’ advertisement will be under the influence of your server.
If you wish to use the GRS Goverlan Licensing Services, do so before deploying the Goverlan Operator software.
To pre-install the Goverlan Client Agents on a set of client machines, you can use the Goverlan Agent Manager. See Goverlan Client Agents Installation.