Goverlan can be used from day one without further configuration. However additional options and extended services are available. This article describes everything you need to know for a successful integration within your environment.
Managing Systems Over the Internet
The default implementation of Goverlan only allows the support and management of users and machines that are within your organization or are connected to your organization via a VPN.
However, it is possible to manage systems over the internet, on-demand or unattended. To do so, you must implement a Goverlan Reach Server and enable the Goverlan Reach Gateway Services.
Once Goverlan Reach Gateway Services have been configured, you will be able to remotely access machines over the internet. See Accessing External Devices.
Remote Control Authorization & Authentication
- By default, only users holding local administrative privileges on a remote machine are authorized to initiate a remote control session (to grant access to non-local admins, see Configuring Authorization).
- Goverlan automatically uses your credentials when authenticating to the remote machine. If you are executing a task that requires privileges higher than those you hold, Goverlan will automatically prompt you for alternate credentials Goverlan Credential Manager.
Auditing
All actions performed by a Goverlan operator are audited. The default implementation records audit traces in the Windows Event Application Log, however, audits can be centralized using the Goverlan Reach Server.
See: Auditing Operator Remote Control Events
Detecting User’s Machines using fastConnect
Goverlan can detect the logged-in workstations of your users in real-time. A great feature to get to your user’s machines quickly, without prompting the remote user for the information. However, the detection of logged-in workstations may not work upon initial installation of Goverlan as it has a couple of prerequisites.
See: Workstation Detection with fastConnect
Branding and Configuring Goverlan Client Agent Behavior
- Client Side behaviors are fully configurable. By default, an authenticated remote control request is automatically authorized and a visual notification banner is displayed. You can configure other behaviors to meet company guidelines and requirements. (See Customizing Goverlan Client Agent Behavior)
- Most Goverlan user interface elements displayed on your client machines can be branded with your own text and images. (See Custom Branding)
Smart Card Redirection and FIPS 201 compliance
Goverlan Reach RC will allow users to supply smart card credentials to a remote system that is FIPS 201 compliant. Goverlan supports both T0 and T1 (PIV, Common Access Card, etc…) protocols and will work with any PKI compliant infrastructure using smart cards.
Goverlan Reach RC accomplishes this by using the Goverlan Smart Card Reader Driver on the remote machine. This driver and the Goverlan Client Agent must be installed on the remote system before any smart card authentication can be used.