ManageEngine Desktop Central Forwarding Server User Guide


Objective

This document will help you understand the need for a Forwarding Server, its purpose and the steps to install and configure the Forwarding Server.

Why do you need a Forwarding Server?

If you are managing mobile devices using Desktop Central, the computer where the Desktop Central Server is installed must be reachable from the internet so that the mobile devices can contact the Server. To enable this, you are required to NAT the IP Address of the Desktop Central Server to a public IP Address.

This poses a security risk of exposing your internal IP Address to the outside network.

To overcome this problem, you can install the Forwarding Server component in your DMZ, which will act as a proxy for forwarding the requests from mobile devices to Desktop Central Server. This design helps you to protect your internal network from being exposed directly.

What Does the Forwarding Server Do?

The Forwarding Server acts as an intermediary between the managed mobile devices and the Desktop Central server. The Desktop Central server communicates with APNs/GCM to wake the mobile device. All communications from the mobile device are routed through the Forwarding Server: when the device tries to contact the Desktop Central server, the Forwarding Server receives the connections and redirects them to the Desktop Central server. The Forwarding Server is currently designed to forward requests only from mobile devices and not from managed desktops.


 

Ports to Open on the Firewall

  1. If there is a firewall between the Forwarding Server and the Devices (internet), you should allow HTTPS port 8383 (default) on this firewall. This should be the same as the Web port that is used for connecting to the Desktop Central Server in secure mode.
  2. If there is a firewall between your Forwarding Server and Desktop Central Server, open port 8020 (default). This should be the same as the Web port that is used for connecting to the Desktop Central Server in normal mode.

Configure the NAT Settings in Desktop Central Server

NAT Settings should be configured on the Desktop Central Server as below:

  1. Click the MDM tab in Desktop Central
  2. Under Settings, click NAT Settings
  3. Under NAT Device, enter the FQDN / DNS name that is used to reach the Forwarding Server from outside your network.
  4. Click Save to save the changes.
  5. Restart the Desktop Central Server.

Setting Up Forwarding Server

Setting up the Forwarding Server involves the following steps:

  1. Configuring Forwarding Server
  2. Installing the Certificates

Configuring Forwarding Server

  1. Download the Forwarding Server from here
    http://www.manageengine.com/products/desktop-central/dcforwardingserver.exe
  2. Double click the exe to start the installation process
  3. Enter the Desktop Central Server Name, HTTP and HTTPS Port numbers and click Next
    1. DC Server Name : Specify the FQDN/DNS/IP address of the DC server
    2. DC HTTP Port : The port number that the forwarding server uses to contact the DC server (e.g. 8020)
    3. DC HTTPS Port : The port number that the mobile devices use to contact the DC server (e.g. 8383; it is recommended to use the same port, 8383 (HTTPS), that the Desktop Central Server uses in secured mode).

Installing the Certificates

  1. Perform the sequence of operations as listed below:
    1. If you are using a Self Signed Certificate, follow the steps mentioned below: Copy the server.crt and server.key files located in Desktop Central Server under ManageEngine\DesktopCentral_Server\apache\conf directory to the ManageEngine\DCForwardingServer\apache\conf directory in the computer where the Forwarding Server is installed
      or
    2. If you are using Third Party Certificate, follow the steps mentioned below:
      1. Third Party Server Certificate has to be renamed as server.crt
      2. Private key has to be renamed as server.key
      3. If you have an intermediate certificate, then modify the file name as inermediateca.crt
      4. Copy the server.crt, server.key and the intermediate certificate and paste it in the location where the forwarding server has been installed - ManageEngine\DesktopCentral_Server\apache\conf
      5. If you have an intermediate certificate,
        1. Rename intermediate certificate to intermediate.crt
        2. Copy intermediate.crt and paste it in location ManageEngine\DCForwardingServer\apache\conf\
        3. Open ManageEngine\DCForwardingServer\conf\websetting.conf and add the below mentioned line:
            intermediate.certificate=intermediate.crt

You have successfully copied the certificates. Click Install to complete the installation process.

Verifying the Forwarding Server

Forwarding Server will start automatically. You can verify the same by running services.msc from the same computer as shown in the image displayed below.

You have successfully configured the Forwarding Server.

Troubleshooting Tips (Read KB):

  1. Verify that the certificates are copied to the specified location correctly
  2. Ensure that port 8383 is not used by some other service/process
  3. Ensure that you use “Run As Administrator” and have necessary permissions to install the service.
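
The checks from the tips above, together with the inner-firewall port from "Ports to Open on the Firewall", can be scripted on the Forwarding Server host. This is an added example, not part of the original guide or ManageEngine's tooling; $InstallRoot (the folder that contains ManageEngine\) and $DcServer are assumptions supplied by the operator, because the guide gives only relative paths.

```powershell
# Added example: run in an elevated PowerShell session on the Forwarding Server host.
# $InstallRoot and $DcServer are operator-supplied assumptions, not values from the guide.
param(
    [Parameter(Mandatory)] [string] $InstallRoot,  # folder that contains ManageEngine\
    [Parameter(Mandatory)] [string] $DcServer,     # DC Server Name entered in the installer
    [int] $HttpPort  = 8020,                       # DC HTTP port (guide default)
    [int] $HttpsPort = 8383                        # DC HTTPS port (guide default)
)

$confDir    = Join-Path $InstallRoot 'ManageEngine\DCForwardingServer\apache\conf'
$webSetting = Join-Path $InstallRoot 'ManageEngine\DCForwardingServer\conf\websetting.conf'
$problems   = @()

# Tip 1: certificate and private key copied to the specified location.
foreach ($name in 'server.crt', 'server.key') {
    if (-not (Test-Path (Join-Path $confDir $name))) { $problems += "$name missing from $confDir" }
}

# An intermediate certificate on disk must also be referenced in websetting.conf,
# as a single key=value line.
if (Test-Path (Join-Path $confDir 'intermediate.crt')) {
    $pattern = '^\s*intermediate\.certificate\s*=\s*intermediate\.crt\s*$'
    $hit = Select-String -Path $webSetting -Pattern $pattern -ErrorAction SilentlyContinue
    if (-not $hit) { $problems += 'websetting.conf lacks intermediate.certificate=intermediate.crt' }
}

# The private key now sits on a DMZ host: show which identities are allowed to read it.
$keyPath = Join-Path $confDir 'server.key'
if (Test-Path $keyPath) {
    (Get-Acl $keyPath).Access | Where-Object { $_.AccessControlType -eq 'Allow' } |
        Select-Object IdentityReference, FileSystemRights | Format-Table -AutoSize | Out-Host
}

# Tip 2: report which process holds the HTTPS port. After installation this should be
# the Forwarding Server itself; any other owner is the conflict the tip describes.
Get-NetTCPConnection -LocalPort $HttpsPort -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        "Port $HttpsPort is held by PID $($_.OwningProcess) ($($proc.ProcessName))"
    }

# Inner firewall: the Forwarding Server must reach the DC server on the HTTP port.
if (-not (Test-NetConnection -ComputerName $DcServer -Port $HttpPort -InformationLevel Quiet)) {
    $problems += "cannot reach ${DcServer}:$HttpPort"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'All checks passed.' }
```

Get-NetTCPConnection and Test-NetConnection require Windows 8.1 / Server 2012 R2 or later.
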
Copyright © 2005-2014, ZOHO Corp. All Rights Reserved.