Understanding Goverlan Reach Server Roles
Goverlan Reach Server Roles allow organizations to leverage multiple Reach Servers for the purposes of Goverlan Policy Distribution or Auditing of Goverlan Events. Reach Servers can also be spread across multiple geographic locations or be used in a Load Balancing \ Redundancy scenario.
Reach Server Roles
The following roles are supported:
- Secondary (within my organization)
- Secondary (external site)
The Primary Server Role is usually the first one installed in an organization. The Primary Server will have the ability to edit all policies and configurations. There is no limitation on the number of Primary Servers that an organization can have.
Secondary (within my organization) Role
Secondary (within my organization) servers are read only servers that can be deployed within your organization. A Secondary server will distribute policies and collect audit events from the agents under its control. However, all editing ability will be disabled.
Secondary Servers can be used as redundant or load balancing servers. Load balancing can be achieved by deploying the servers behind a load balancing appliance or by using DNS Round Robin.
Secondary (external site) Role
Secondary (Over the Internet) Roles have the same capabilities of the Secondary (within my organization) servers but will connect over a Goverlan Reach Gateway. Use Secondary servers to connect a remote site to your organization for centralized policy distribution and auditing of Goverlan events.
Configuring Server Roles
Acquiring a Goverlan Reach Server License
All Goverlan customers are given one Goverlan Reach Server license at the time they purchase. Additional licenses can be created free of cost at my.goverlan.com.
Login to my.goverlan.com, select the Goverlan Reach Server product under the Licenses section, then click on the Add License option. Specify a relevant name for your license and use this one to sign-in to the Secondary Goverlan Reach Server.
Primary and Secondary (within my organization) configuration
The Server Role can be set in the Application > Server Configuration tab of any Reach Server.
A centralized database is required for Primary and Secondary (within my organization) servers to operate . Both servers must be pointing to the same database in their respective settings configuration.
Once both Primary and Secondary (within my organization) servers are using the same database they will begin to communicate and synchronize policy and audit data.
A secondary server can easily be converted to a primary server simply by changing the role in the Server Role page. Once the role has been changed, it will become a server with editing capabilities.
Secondary (external site)
Secondary (external site) configurations communicate with a Goverlan Reach Gateway Service to synchronize Policies and Audit events from external sites that are not connected to your organization.
The following information is required to configure a Secondary (external site) server.
- External Site Name – This is the name the devices will appear under when browsing the Goverlan Reach Console.
- Gateway Public Address and Port – This is the address or host name of the Gateway where Reach Services are located.
- Certify server identity with TLS – Enable this if the Source Gateway Server is equipped with a TLS certificate.
- Check-in with server every – Configure the polling frequency between this server and the Gateway Server.
Advertising a Goverlan Reach Server
All servers can be advertised using a DNS SRV record, Group Policy or Manual Configuration. For more information, see Advertising a Goverlan Reach Server.