Bomgar Verify
Installation Guide
© 2016 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
TC:8/22/2016
BOMGAR VERIFY INSTALLATION GUIDE
Table of Contents
Bomgar Verify Server Topology
    Internal Server With No External-Facing Web Portal
    Internal Server With Web Resources Published Via a Reverse Proxy, SSL, VPN, etc.
    Internal Server With Additional Edge Server Deployed in the DMZ
    Available Bomgar Verify Portals
Prerequisites
    Software Requirements
    Hardware Requirements
    Network Connectivity
Bomgar Verify Installation
    Install Microsoft .NET Framework 3.5
    Begin Bomgar Verify Installation
    Install Microsoft .NET Framework 3.5
    Begin Edge Server Installation
Advanced Configuration Wizard
    LDAP tab
    eMail tab
    SMS/Voice Gateway tab and Multi-Gateway Support
    Web SMS Gateway tab
Bomgar Verify Admin GUI
Upgrading
    Install Microsoft .NET Framework 3.5
Migrate Bomgar Verify to Another Server
Additional Information
    Bomgar Verify Services
    Example Admin User Configured With ADSI Edit
    Bomgar Verify Service Permissions Account Wizard
    LDAP Security
CONTACT BOMGAR info@bomgar.com | 866.205.3650 (US) | +44 (0) 1628 480 210 (UK/EMEA)
BOMGAR.COM
Bomgar Verify Server Topology
Bomgar Verify Security Server 8.1.501 introduces some exciting new features for the two-factor authentication (2FA) arena,
including push notification technology and Near Field Communication (NFC). Push notifications work by sending messages to the
notification center or the status bar of a user's smart phone. NFC allows customers to authenticate using their smart phone. These
new features are dependent on the architectural topology of the Bomgar Verify Server implementation. This section of the guide has
been created to provide some guidelines for selecting the correct topology to deliver all required features for each organization’s
Bomgar Verify Security Server solution.
Note: It is important that the architectural topology of the Bomgar Verify Server implementation be decided prior to installation.
Internal Server With No External-Facing Web Portal
Advantages of this topology
In this topology, there are not any external-facing portals, which means the portals cannot be accessed via the internet. Therefore,
server hardening is not required, and the risk of attack to these portals is limited to internal users only.
Note: Bomgar Verify’s Manage My Token portal requires two-factor authentication.
Disadvantages of this topology
The following token types are not supported:
• Oneswipe online push
• Oneswipe offline NFC
In addition, users need to be on the internal local area network (LAN) or VPN to manage changes to their token types in the
Manage My Token portal.
Internal Server With Web Resources Published Via a Reverse Proxy, SSL, VPN, etc.
The Manage My Token portal located in the Internet Information Services (IIS) default website, SecEnrol, must be published to the
internet via a reverse proxy or load balance appliance.
Advantages of this topology
All token types are supported including oneswipe push and NFC. Users are able to manage their tokens externally from any
internet location.
Disadvantages of this topology
The Manage My Token portal must be published to the internet. The risk of attack to this portal and other portals is greater
because it is exposed to external users.
Internal Server With Additional Edge Server Deployed in the DMZ
When installing the Bomgar Verify Edge Server, Custom Install must be selected, and only the Manage My Token portal should be
installed.
Advantages of this topology
All token types are supported, including oneswipe push and NFC. Users are able to manage their tokens externally from any
internet location.
Disadvantages of this topology
The Manage My Token portal web service must be hardened using Microsoft’s recommended techniques or must be published
through a DMZ-located reverse proxy. The risk of attack to this portal and other portals is greater because it is exposed to external
users.
Available Bomgar Verify Portals
All of the following Bomgar Verify portals can be published to the internet:
• Admin Portal - enables the Bomgar Verify Security Server Admin console. It is not a recommended practice to publish this
portal to the internet unless the organization is a cloud provider.
• Manage my Token Portal - enables the token management portal. This portal may be required for initial enrollment of users
and for on-going management of token types.
• Lost Token Emergency Access Portal - allows end users to request a temporary code to disable their lost device.
Note: This portal is not protected with two-factor authentication and relies on a PIN and password combination along
with answers to predefined secret questions for access. It is recommended that customers do not publish this to the
internet and instead rely on a manual helpdesk process or internal LAN connection for access.
• SecServer Portal - is required for Bomgar Verify if the Windows Logon Agent is being used for logging into remote laptops.
This portal is not required if the organization is not using Windows Logon Agent or is only using the agent to protect internal
servers and desktops.
• SecRep - is installed by default on all server instances and is used to automate the replication of the server.ini file between
multiple Bomgar Verify servers, when enabled.
IMPORTANT
Do not publish SecRep to the internet because there is a risk of exposing configuration settings to external users.
Prerequisites
Software Requirements
• Windows 2008 (R2) or Windows 2012 (R2)
• Internet Information Services (IIS) installed with default settings
• Microsoft .NET 2 and .NET 3.5 installed
• Active internet connection
Hardware Requirements
• CPU: Pentium class processor 1 GHz or faster
• HD: 150 Mb of available hard disk space
• RAM: 120 Mb of available RAM
Network Connectivity
Bomgar Verify Security Server needs read/write access to your Active Directory server via LDAP through port 389 or LDAPS through
port 636.
Note: A service account must exist within each configured domain for all Bomgar Verify servers.
• If the Web SMS Gateway is being used to send SMS messages, the Security Server needs HTTPS access to the internet
through port 443.
• If Apple Push is being used, access to port 2195 is needed in order to allow communication to the Apple Gateway,
gateway.push.apple.com.
• The IIS Agent pre-5.4 needs HTTP access between the IIS server being protected and the Verify Server through port 80.
• The VPN, IIS Agent, or other RADIUS-based client requires access to Verify’s RADIUS service through the default UDP
port 1812.
It is recommended that two security servers be installed for each IIS agent or each RADIUS client that is being authenticated. Each
security server should be configured to connect to a primary and secondary Active Directory server. This approach prevents any
single point of failure.
FOR OPERATING SYSTEMS NOT USING ENGLISH LANGUAGE
The following groups must be created prior to installation: Administrators and Guests. The Administrators group must
contain local administrator accounts. The Guests group must contain IIS user accounts using IUSR_(hostname).
Bomgar Verify Installation
New Installation of Bomgar Verify Security Server
The following steps describe how to install the Bomgar Verify Security Server and guide the user through the installation process
via the Advanced Configuration Wizard. Please make sure the correct license keys are provided with the purchase of Bomgar Verify
Security Server. If a license key has not been received, please contact Bomgar Support at help.bomgar.com.
Note: During installation, a check is completed to see if Microsoft .NET Framework 3.5 is installed. If it is not installed, Bomgar
Verify downloads and installs the framework.
Install Microsoft .NET Framework 3.5
1. Locate the Bomgar Verify Security Server software and execute the setup file.
2. During this time, the Microsoft .NET Framework 3.5 check is completed. If needed, the framework is downloaded.
3. Click I agree to Microsoft’s license terms to begin downloading the framework.
4. Click Install.
5. When the .NET installation is complete, click OK to continue.
6. Click Accept to accept the Bomgar Verify license terms.
7. Click Next.
8. Accept the default destination path for installation, or
enter a new path where Bomgar Verify Security Server
software should be installed. Click Next.
Begin Bomgar Verify Installation
1. Click I agree to Microsoft’s license terms to begin
downloading the framework.
2. Click Install.
3. When the .NET installation is complete, click OK to
continue.
4. Click Accept to accept the Bomgar Verify license
terms.
5. Click Next.
6. Accept the default destination path for installation, or
enter a new path where Bomgar Verify Security Server
software should be installed. Click Next.
7. On the Setup Type screen, select Typical.
8. Click Next.
9. On the summary screen, click Install.
10. For the installation type, select New Installation. Click
Continue.
IMPORTANT
During installation, a unique customer encryption key is created and encrypted with AES 256-bit technology. It encrypts
any user data such as private telephone numbers and the token types selected and stored within the Bomgar Verify
Security Server. It is essential that the key created and saved in the file config.db is not deleted or overwritten with a
second installation. Otherwise, it is not possible to decrypt the user data stored within the Bomgar Verify Security Server.
For disaster recovery situations, future upgrades, and/or server replications, a backup of Config.db and server.ini MUST
be made.
Note: For disaster recovery, future upgrades, and/or server replications, a backup of Config.db and server.ini MUST be
made. For 32-bit installations, use dir :\program Files\Bomgar\Security Server, and for 64-bit installations, use dir
:\program Files (x86)\Bomgar\Security Server.
11. If the server does not have the CGI module of IIS
installed, a warning message appears. Select OK to
allow Bomgar Verify to begin installing the missing
module.
12. If the server does not have the ASP.NET module in IIS,
a warning message appears. Select OK to allow
Bomgar Verify to begin installing the missing module.
13. Complete the installation by entering the company
name and license key. Click Continue.
Note: The company name is displayed when sending
passcode messages to mobile devices.
Install the Bomgar Verify Edge Server
The following steps describe how to install the Bomgar Verify Edge Server and guide the user through the installation process via
the Advanced Configuration Wizard.
Install Microsoft .NET Framework 3.5
1. Locate the Bomgar Verify Security Server software and execute the setup file.
2. During this time, the Microsoft .NET Framework 3.5 check is completed. If needed, the framework is downloaded.
3. Click I agree to Microsoft’s license terms to begin downloading the framework.
4. Click Install.
5. When the .NET installation is complete, click OK to continue.
6. Click Accept to accept the Bomgar Verify license terms.
7. Click Next.
8. Accept the default destination path for installation, or
enter a new path where Bomgar Verify Security Server
software should be installed. Click Next.
Begin Edge Server Installation
1. On the Setup Type screen, select Custom. Click Next.
2. Select features. Click Next.
3. On the summary screen, click Install.
4. For the installation type, select New Installation. Click
Continue.
5. If the server does not have the CGI module of IIS
installed, a warning message appears. Select OK to
allow Bomgar Verify to begin installing the missing
module.
6. If the server does not have the ASP.NET module in IIS,
a warning message appears. Select OK to allow
Bomgar Verify to begin installing the missing module.
7. Complete the installation by entering the company
name and license key. Click Continue.
Advanced Configuration Wizard
Any new installation of the Bomgar Verify Security Server requires the user to step through each tab within the Advanced
Configuration Wizard. This is essential in order to finalize the install, to implement batch services, and to start the services. These
actions can occur only after the user has clicked Continue on each tab. A warning appears on the screen if the user attempts to exit
without completing everything within the wizard.
LDAP tab
Enter all details about the web server. The web server is the machine
hosting and operating the Bomgar Verify Admin Graphical User Interface
(GUI).
1. Select the Directory Type: Microsoft Active Directory (AD), Novell
eDirectory, Managed Users (Microsoft LDS), OpenLDAP, or Sun
Directory Server.
2. Enter the domain name for Primary Domain 1. Information
entered for Primary Domain 1 should reflect the domain where
the AD resides.
3. Press Tab. Move the cursor into the Enter UserID field of the
Search for DN section.
4. Type the name of the account that manages the Bomgar Verify
server.
5. Click Get DN of UserID. This action automatically populates the
DN account details, providing the user is logged on as the
domain administrator for the domain.
6. Click Example to see an example of the administrator DN as
provided directly from AD.
7. If correct, enter the password for the account.
8. Enter the name(s) of the AD server(s).
9. If SSL certificates have been deployed on the AD servers, LDAPS on port 636 can be used by checking the Use SSL box.
Note: LDAPS generally requires a fully qualified server name.
10. After completing the required fields, test the connection to the server(s) by clicking Test Server 1 or Test Server 2.
11. If OK is returned, click Continue. If OK is not returned, error messages display and must be rectified before continuing.
Note: LDAPS generally requires the server name to be fully qualified. If "Use SSL" is selected, the server name MUST be the
same name as set in the common name of the Directory's server certificate.
12. If an additional domain is needed, click Add New Domain.
13. Enter the LDAP settings for the new domain. The web server information does not need to be changed.
Note: The Net Bios Name is optional and needs to be set only if the UserID logon uses the NetBIOS name.
Note: If Use SSL is selected, the server name MUST be the same name as set in the common name of the Directory's server
certificate.
14. Once all information has been entered and a successful test completed, click Continue. A message displays in the wizard,
confirming the batch services have been installed.
15. Click Save and Continue.
Note: Any combination of Vendor LDAP servers is supported in any order. Each domain is configured with its own Bomgar
Verify administration account for read and write permissions. Each Domain MUST share the same Bomgar Verify administration
account, or secondary servers in the same domain will to batch master. This can cause the batch server to run many times and
to send multiple passcodes within a single day.
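The Use SSL notes above require the server name entered in the wizard to equal the common name in the directory server's certificate. The following PowerShell check is an added example, not part of the Bomgar guide or product; the server name dc01.example.internal is a placeholder, and the function name is hypothetical. It retrieves the certificate presented on port 636 and reports whether the name, trust chain and validity dates would satisfy an LDAPS client.

```powershell
# Added example, not Bomgar code. $ServerName is a placeholder for the name
# typed into the LDAP tab; run this on the machine that will host Bomgar Verify.
param(
    [string]$ServerName = 'dc01.example.internal',
    [int]$Port = 636
)

function Get-LdapsCertificateReport {
    param([string]$ServerName, [int]$Port = 636)

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ServerName, $Port)
        # Accept whatever certificate is presented so that it can be inspected.
        # Name, trust and validity are evaluated explicitly below and reported.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($ServerName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        }
        finally { $ssl.Close() }
    }
    finally { $tcp.Close() }

    # Common name of the subject, which the guide says must equal the server name.
    $commonName = $cert.GetNameInfo($nameType::SimpleName, $false)
    # DNS name reported by the certificate (from the subject alternative name when present).
    $dnsName = $cert.GetNameInfo($nameType::DnsName, $false)

    # Build the chain against the local trust stores, as an LDAPS client would.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainTrusted = $chain.Build($cert)
    $chainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    $now = Get-Date
    New-Object PSObject -Property @{
        Server           = $ServerName
        IsFullyQualified = $ServerName.Contains('.')
        CommonName       = $commonName
        DnsName          = $dnsName
        NameMatchesCN    = ($commonName -ieq $ServerName)
        ChainTrusted     = $chainTrusted
        ChainStatus      = $chainStatus
        NotBefore        = $cert.NotBefore
        NotAfter         = $cert.NotAfter
        WithinValidity   = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        Thumbprint       = $cert.Thumbprint
    } | Select-Object Server, IsFullyQualified, CommonName, DnsName, NameMatchesCN,
                      ChainTrusted, ChainStatus, NotBefore, NotAfter, WithinValidity, Thumbprint
}

$report = Get-LdapsCertificateReport -ServerName $ServerName -Port $Port
$report | Format-List

# IsFullyQualified is informational; the other three must hold for LDAPS to be trusted.
if (-not ($report.NameMatchesCN -and $report.ChainTrusted -and $report.WithinValidity)) {
    Write-Warning "Resolve the items reported as False before selecting Use SSL for $ServerName."
    exit 1
}
```

Run it once per directory server entered in the wizard, including the secondary server and any additional domains.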
eMail tab
1. Enter the IP address for the SMTP server in the Email
Server Host field.
2. Enter the Admin Email Address for the SMTP server.
3. Check Authentication is required.
4. Enter the necessary details needed for the SMTP
server to require authentication.
5. To support SMTP servers using TLS, check Use SSL
(TLS).
6. Send a test email by entering information into the Send
Test Message To field.
7. Click Test Email Server.
8. If the test was successful, click Continue.
Note: Please ensure that the SMTP server has been
set up to allow relays from the Bomgar Verify server.
IIS URLs tab
The IIS URLs are viewed and maintained from this tab, and if
the server supports HTTPS, the information can be configured
here.
1. Check This IIS Server Supports https.
2. Enter the URL of the web server host.
3. Check Advanced Settings - Manage External URLs.
4. Enter URL information in the URLs section. These URL
values are included in the system-generated emails
sent to users.
5. Click Save and Continue.
SMS/Voice Gateway tab and Multi-Gateway Support
Multiple gateways can be configured and maintained via the
SMS/Voice Gateway tab. It is possible to set up as many
gateways as needed. Bomgar Verify supports various gateway
types, such as WebSMS, Voice, and Serial or TCP/IP modems. The
gateways can be configured based on priority and can easily
be disabled using the wizard. The priority order of the
gateways is controlled using Up and Down. The gateways can
be restricted per country to allow the user more control over
which service is used for certain countries. This is to help
overcome difficulties sending SMS messages in countries that
might not support advanced SMS features, such as flash
messages and SMS overwrite.
Once the priority order is set, the priorities can be tested by
clicking Test Connection....
Web SMS Gateway tab
1. Select Add to install a Windows service that
communicates with a web-based SMS gateway. An
account is required to use any selected web
SMS provider.
2. Enter the UserID and Password information for the
account.
3. Click Proxies. Enter the proxy information, if needed.
4. Once completed, click Test Connection. If the test is
successful, a message appears indicating
SMS Gateway responded OK.
5. Enter dialing codes for countries that should be serviced
by this modem in the Restrict to country field. To
restrict a modem to a certain domain, make a selection
from Restrict to domain.
6. If errors appear, click the link in Click here to browse
to gateway to manually check a web connection. If the
web browser connection is responding, a Fail Auth
should be returned. This message is returned because
no account information was sent; however, it proves the
SMS Gateway server can be reached and a response
received.
Bomgar Verify can connect to many web-based SMS
providers; however, a new template may be required.
Modem
1. Select Add to install a Windows service that
communicates with an SMS modem. The SMS modem
is a serial GSM device attached directly to the Verify
server's serial interface. This option allows a
corporation to use its own SIM chip from their Telco and
take advantage of any free or group SMS call rates.
2. To configure the Phone Gateway, make sure the device
is connected and powered on.
3. The following are configurable options:
a. Select a Connection: Choose whether the
connection occurs via a Serial/USB or TCP/IP.
b. Select a Serial Port: Select a serial port.
c. Select Baud Rate: Select the appropriate baud
rate.
d. Send Simple Text: When enabled, this option
allows SMS messages to be sent in simple
mode. Use this feature if the Telco operator
does not support message overwrite (PDU
mode).
e. Restrict to country: Enter dialing codes for
countries that should be serviced by this
modem.
f. Restrict to domain: Select whether to restrict
service to a certain domain.
4. When complete, click OK. The test carries out an ATI
and signal strength test. Version is shown as well as
signal strength information.
Note: Signal strength is measured from 0-31. An acceptable figure is 16 or above.
Voice
A Voice gateway is configured similar to a web SMS
1. Select Add to install a Windows service that
communicates with a web-based Voice Gateway.
2. Enter the UserID and Password account information.
This is provided by the web voice provider.
3. Click Proxies. Enter the proxy information, if needed.
4. Once completed, click Test Connection. If the test is
successful, a message appears indicating Gateway
responded OK.
5. Enter dialling codes for countries that should be
serviced by this modem in the Restrict to country field.
To restrict a modem to a certain domain, make a
selection from Restrict to domain.
Mail SMS
1. To allow a third-party facility to have the ability to send
SMS messages via a SMTP server, configure a
gateway and include it in the prioritized list of
gateways.
2. Select Add.
3. Complete the Address Format field, which should be
similar to #MOBILENUMBER#@atyourprovider.com.
4. If the Telco provider allows modifications to the Subject
Format and Body Format fields, modify these as well.
5. Enter dialling codes for countries that should be
serviced by this modem in the Restrict to country field.
To restrict a modem to a certain domain, make a
selection from Restrict to domain.
Push
The following push notification gateway service connections
can be tested from the Push tab by clicking Test Connection:
• ApplePushService
• GoogleCloudMessaging
• MicrosoftPushService
The test connection returns a status, and a trace is displayed if
desired.
Proxy for Web Services
If the organization requires the use of a proxy server, click Proxies.
Enter the proxy settings.
Once the properties for the proxy server are saved, the user
can select the proxy when configuring individual gateways for
web services.
Note: To configure proxies for multiple gateways, proxies
must be enabled individually for each gateway.
RADIUS Tab
By default, Bomgar Verify uses RADIUS port 1812. If this port is
already in use, the user can change this setting. Once Update
is selected, the RADIUS batch service starts.
IMPORTANT
For new installations, it is important to know that the
Advanced Configuration Wizard is not allowed to close
until all tabs have been updated. This is to ensure the
batch services start with the correct information.
Bomgar Verify Admin GUI
To start the Bomgar Verify Admin Graphical User Interface
(GUI), navigate to Start > Programs > Bomgar > Local
Security Server Administration.
The login screen appears. For more information on
managing and configuring Bomgar Verify, please see the
Bomgar Verify Administration Guide at
https://www.bomgar.com/docs/integrations/verify/.
Upgrading
Prior to Upgrade
Before upgrading the Bomgar Verify Security Server software, please make a copy of the following files:
• config.db
• configpre54.db
• local.ini
• server.ini
These files are located in the following locations:
• 32-bit installations: dir > Program Files > Bomgar > Security Server
• 64-bit installations: dir > Program Files(x86) > Bomgar > Security Server
Export the registry key HKLM\software\SecurEnvoy, and make a backup copy of the DATA directory.
IMPORTANT
Before upgrading, it is crucial that a backup is made of the following files: config.db, configpre54.db, local.ini, and server.ini. If
the upgrade fails, these files are required to recover the previous Verify instance.
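The pre-upgrade backup described above can be scripted so that every copy is verified before the upgrade starts. The following PowerShell script is an added example, not part of the Bomgar guide or product. The install directory and backup destination are parameters because the guide gives the path only relative to the install drive. The location of the DATA directory under the install directory, and the choice to treat config.db and server.ini as mandatory while only warning about the other two files, are assumptions of this example.

```powershell
# Added example, not Bomgar code. File names and the registry key come from the
# guide; $InstallDir, $BackupRoot and the default $DataDir are supplied by the operator.
param(
    [Parameter(Mandatory = $true)][string]$InstallDir,   # ...\Bomgar\Security Server on this host
    [Parameter(Mandatory = $true)][string]$BackupRoot,   # destination with restricted access
    [string]$DataDir = (Join-Path $InstallDir 'DATA')    # assumption: DATA sits under the install directory
)

$ErrorActionPreference = 'Stop'
$required    = 'config.db', 'server.ini'          # the guide says these MUST be backed up
$alsoListed  = 'configpre54.db', 'local.ini'      # listed by the guide; warn if absent (assumption)
$registryKey = 'HKLM\software\SecurEnvoy'

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '') }
    finally { $stream.Close() }
}

$dest = Join-Path $BackupRoot ('verify-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $dest | Out-Null

$manifest = @()
foreach ($name in ($required + $alsoListed)) {
    $source = Join-Path $InstallDir $name
    if (-not (Test-Path -LiteralPath $source)) {
        if ($required -contains $name) { throw "Required file missing: $source" }
        Write-Warning "Not found, skipped: $source"
        continue
    }
    $copy = Join-Path $dest $name
    Copy-Item -LiteralPath $source -Destination $copy

    # config.db holds the encryption key, so a silently truncated copy is unrecoverable.
    $sourceHash = Get-Sha256Hex $source
    $copyHash   = Get-Sha256Hex $copy
    if ($sourceHash -ne $copyHash) { throw "Hash mismatch after copying $name" }
    $manifest += New-Object PSObject -Property @{ File = $name; SHA256 = $copyHash }
}

# Export the registry key named in the guide.
$regFile = Join-Path $dest 'SecurEnvoy.reg'
& reg.exe export $registryKey $regFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed for $registryKey" }
$manifest += New-Object PSObject -Property @{ File = 'SecurEnvoy.reg'; SHA256 = (Get-Sha256Hex $regFile) }

# Copy the DATA directory.
if (-not (Test-Path -LiteralPath $DataDir)) { throw "DATA directory not found: $DataDir" }
Copy-Item -LiteralPath $DataDir -Destination (Join-Path $dest 'DATA') -Recurse

# The manifest lets a later restore confirm that the backup has not changed.
$manifest | Select-Object File, SHA256 |
    Export-Csv -NoTypeInformation -Path (Join-Path $dest 'manifest.csv')
Write-Output "Backup written to $dest"
```

The same backup set applies before a migration or a second installation on the same host, since the guide requires config.db and server.ini in each of those cases.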
Upgrade Process
Locate the Bomgar Verify Security Server software and execute the setup.exe file.
This installs on top of the existing installation; all server configuration and user settings are preserved.
Note: Any bespoke HTML templates that have been created must be re-created on each Bomgar Verify Security Server
after the upgrade.
Install Microsoft .NET Framework 3.5
1. Locate the Bomgar Verify Security Server software and execute the setup file.
2. During this time, the Microsoft .NET Framework 3.5 check is completed. If needed, the framework is downloaded.
3. Click I agree to Microsoft’s license terms to begin downloading the framework.
4. Click Install.
5. When the .NET installation is complete, click OK to continue.
6. Click Accept to accept the Bomgar Verify license terms.
7. Click Next.
8. Accept the default destination path for installation, or enter a new path where Bomgar Verify Security Server software should be installed. Click Next.
Once the installation is complete, the Advanced Configuration Wizard automatically launches, and configuration can begin.
Migrate Bomgar Verify to Another Server
IMPORTANT
Before migrating servers, it is crucial that a backup is made of the following files: config.db, configpre54.db, local.ini, and server.ini. For 32-bit installations, the files are located at dir\Program Files\Bomgar\Security Server. For 64-bit installations, the files are located at dir\Program Files (x86)\Bomgar\Security Server.
The recommended method for migrating a Bomgar Verify installation from one server to another is to conduct a clean install of the Bomgar Verify Security Server on the new target machine.
1. When the Advanced Configuration Wizard begins, select Additional server (Replica).
2. Follow the screen prompts, indicating when to use the config.db and server.ini files from the existing server. All global configuration data is stored on the Bomgar Verify server in the server.ini file, and all user data is stored and encrypted in the LDAP server and domain. Therefore, no user data is affected when adding an additional Bomgar Verify server.
3. When the new Bomgar Verify server is fully operational, the original server can be decommissioned.
Note: The RADIUS clients, IIS, and Windows login agents all require updating in order to communicate with the correct Bomgar Verify server.
Note: Multiple security servers must share the same security encryption key, config.db. It is essential to back up this file before migration.
Steps to Install Additional Verify Security Servers
1. Run the Security Server setup.exe file. Install the program on the next required server.
a. Select Additional Server (Replica).
b. Press Upload config.db.
c. Browse to the config.db file on the first installed security server. The default location for this file on a 64-bit installation is C:\Program Files (x86)\Bomgar\Security Server.
d. Repeat the same task for the server.ini file and optionally for the gateway.ini file.
Note: Each Bomgar Verify Security Server uses a local.ini file and a server.ini file. This process has been created to assist deployments where multiple Bomgar Verify servers exist. Any changes made on a server update the server.ini file or local.ini file, at which point these files must be copied to the other servers. The local.ini file stores data regarding local configuration details. The server.ini file stores data about global configuration details.
2. Start the Security Server Admin GUI on the new server.
a. Select the menu config by navigating to Start > All Programs > Bomgar > Bomgar Local Administration.
b. For a default installation, the physical path is C:\Program Files (x86)\Bomgar\Security Server\LOCALADMIN\localadmin.exe.
c. Match any changes made to ensure that all servers have the same configuration settings. Additional servers MUST share the same Bomgar Verify administration account for each domain they manage. The batch server start times must be set to start at the same time, allowing for any local time zone changes. Multiple batch server processes must run within ten minutes of each other or multiple day codes may be sent to end users.
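One way to confirm that replicas have not drifted apart, as an added example that is not part of Bomgar's software: it compares SHA-256 digests of config.db (the shared encryption key) and server.ini (global configuration) across servers. The host names are hypothetical, the path is the 64-bit default from this guide, and PowerShell remoting is assumed to be enabled on each server.

```powershell
# Added example, not Bomgar's code: detect config.db / server.ini drift between replicas.
param(
    [string[]]$Servers  = @('verify01', 'verify02'),   # hypothetical host names
    [string]$InstallDir = 'C:\Program Files (x86)\Bomgar\Security Server'  # 64-bit default
)
$files = 'config.db', 'server.ini'   # local.ini is per-server and is not compared

# Hash on each server so only digests cross the network, never the key file itself.
$results = Invoke-Command -ComputerName $Servers -ArgumentList $InstallDir, $files -ScriptBlock {
    param($dir, $names)
    foreach ($n in $names) {
        $p = Join-Path $dir $n
        $h = if (Test-Path -LiteralPath $p) {
            (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        } else { 'MISSING' }
        [pscustomobject]@{ File = $n; Hash = $h }
    }
}

$problem = $false
foreach ($g in ($results | Group-Object File)) {
    $distinct = @($g.Group | Select-Object -ExpandProperty Hash -Unique)
    # A server that could not be reached returns no row, so check the count as well.
    if ($distinct.Count -gt 1 -or $distinct -contains 'MISSING' -or $g.Count -ne $Servers.Count) {
        $problem = $true
        Write-Warning "$($g.Name) is missing, differs, or was not reported by every server:"
        $g.Group | Format-Table PSComputerName, Hash -AutoSize | Out-String | Write-Host
    }
}
if (-not $results) { $problem = $true; Write-Warning 'No server returned results.' }
if (-not $problem) { 'config.db and server.ini match on all servers.' }
```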
Additional Information
Bomgar Verify Services
It is good practice to check that all Bomgar Verify services are running after installation.
1. Click Start > Run > services.msc.
2. Press OK.
3. All Bomgar Verify services start with SecurEnvoy for searching and indexing. Check which SecurEnvoy options have started.
Default options are:
• SecurEnvoy Batch Server
• SecurEnvoy RADIUS
• SecurEnvoy WebSMS Gateway
Example Admin User Configured With ADSI Edit
For Windows 2008 Server
1. Create a user called Bomgar Verify.
2. Select Password never expires.
3. Right-click the top directory.
4. Select Properties.
5. Select Security.
6. Click Add to add the Bomgar Verify user.
7. Click Advanced.
8. Re-select the user in the Permission entries list.
9. Click Edit....
10. Select Properties.
11. In the Apply onto field, select Descendant Contact Objects. Check the following:
a. Allow Write Telex Number
b. Allow Write Telex Number (Others)
c. Allow Write Mobile Number
d. Allow Write E-Mail
12. Change the Apply onto field from Contact Objects to User Objects. All the selected attributes carry over to User Objects.
13. Select Object.
14. Select Descendant User Objects.
15. Check Reset Password and Change Password.
16. Click OK.
17. Click Apply. The account should have six permissions.
18. Right-click AdminSDHolder under the directory CN=system and select Properties.
a. Select Allow inheritable permissions.
b. Press OK. This adds support for users that are members of the following protected groups:
• Administrators
• Account Operators
• Server Operators
• Print Operators
• Backup Operators
• Domain Admins
• Schema Admins
• Enterprise Admins
• Cert Publishers
Note: The Write userAccountControl permission, found within Properties > Descendant User Objects, is required for password reset.
For Windows Server 2012
1. Create a user called Bomgar Verify.
2. Select Password never expires.
3. Run ADSI Edit.
4. Right-click the top directory.
5. Select Properties.
6. Select Security.
7. Click Add to add the Bomgar Verify user.
8. Click Advanced.
9. Re-select the user in the Permission entries list.
10. Click Edit….
11. Select Properties.
12. In the Applies onto field, select Descendant User Objects. Check the following:
a. Allow Write Telex Number
b. Allow Write Telex Number (Others)
c. Allow Write Mobile Number
d. Allow Write E-Mail
e. Click OK.
13. From Advanced Security Setting, click Edit.
14. In the Applies To field, select Descendant User Objects.
15. Check Reset Password and Change Password.
16. Click OK.
17. Click Apply. The account should have five entries.
18. Right-click AdminSDHolder under the directory CN=system.
Select Properties > Security Tab > Advanced.
Select the option Enable Inheritance.
Click OK. This adds support for users that are members of the following protected groups:
• Administrators
• Account Operators
• Server Operators
• Print Operators
• Backup Operators
• Domain Admins
• Schema Admins
• Enterprise Admins
• Cert Publishers
Note: Additional servers MUST share the same Bomgar Verify administration account for each domain they manage.
19. To test, start the Bomgar Verify Admin GUI.
20. Enable a user.
21. Enter the mobile number.
22. Click Update User.
23. The message returned should say OK, Passcode Sent To Gateway. If the message ERR, Error writing to LDAP, General access denied error is received, then the write permissions are incorrect.
Bomgar Verify Service Permissions Account Wizard
1. Create a service account within Active Directory.
2. Make sure the password is set to not expire.
3. Enter the service account within the Service Account Name field.
4. Click Get DN. It is also possible to set a specific OU; however, this should not be required within most environments.
5. Set the needed permissions:
a. Primary TelexNumber
b. telenexNumber
c. mobile
d. mail
e. Reset Password
f. Change Password
g. pwdLastSet
h. userAccountControl
6. Click Apply.
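A read-only audit of the delegation described above, as an added example that is not part of the Bomgar guide or product: it lists every ACE the service account holds on the domain root and on AdminSDHolder, and flags write-type rights outside the wizard's list. The account name and the mapping of the wizard's labels to AD attribute names are assumptions; the ActiveDirectory PowerShell module is required.

```powershell
# Added example, not Bomgar's code. Requires the ActiveDirectory module (RSAT).
param([string]$Account = 'EXAMPLE\svc-verify')   # hypothetical service account

Import-Module ActiveDirectory
$root     = Get-ADRootDSE
$domainDn = $root.defaultNamingContext

# Resolve ACE GUIDs to names from the live schema and extended-rights container.
$names = @{}
Get-ADObject -SearchBase $root.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
    -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $names[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
Get-ADObject -SearchBase "CN=Extended-Rights,$($root.configurationNamingContext)" `
    -LDAPFilter '(rightsGuid=*)' -Properties displayName, rightsGuid |
    ForEach-Object { $names[[guid]$_.rightsGuid] = $_.displayName }

# The wizard's permission list mapped to AD names (this mapping is an assumption).
$expected = 'primaryTelexNumber', 'telexNumber', 'mobile', 'mail',
            'pwdLastSet', 'userAccountControl', 'Reset Password', 'Change Password'

# Rights that change something; read-only ACEs are listed but never flagged.
$modify = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, ExtendedRight, Self, CreateChild, DeleteChild, Delete, DeleteTree, WriteDacl, WriteOwner'

# AdminSDHolder's ACL is the template applied to protected accounts such as
# Domain Admins, so it is audited alongside the domain root.
$report = foreach ($dn in @($domainDn, "CN=AdminSDHolder,CN=System,$domainDn")) {
    (Get-Acl -Path "AD:\$dn").Access |
        Where-Object { $_.IdentityReference.Value -eq $Account } |
        ForEach-Object {
            $what = if ($_.ObjectType -eq [guid]::Empty) { '(all)' } else { $names[$_.ObjectType] }
            [pscustomobject]@{
                Target     = $dn
                Rights     = $_.ActiveDirectoryRights
                Object     = $what
                Inherited  = $_.IsInherited
                Unexpected = (($_.ActiveDirectoryRights -band $modify) -ne 0) -and
                             ($expected -notcontains $what)
            }
        }
}
$report | Sort-Object Target, Object | Format-Table -AutoSize -Wrap
if ($report | Where-Object Unexpected) {
    Write-Warning "$Account holds modify rights beyond the documented list."
}
```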
LDAP Security
The LDAP admin account used by Bomgar Verify must have the following Active Directory permissions:
• Read All User Attributes
• Write Access To Telex Number
• Write Access To Mobile Number (Optional)
• Write Access To E-Mail Address (Optional)
Note: When installing Bomgar Verify Managed Users Microsoft ADAM, only a username is required as Bomgar Verify automatically creates an admin account called Bomgar Verify. In addition, Bomgar Verify Managed Users Microsoft ADAM always uses a PIN because the password can be seen in clear text.