Remote administration is not allowed after the trial expires if you do not activate the software.
You can remotely administer EFT Server from any computer on which the administration interface is installed (with network access). If you are using SSL, you must create and/or assign an SSL certificate to use for connections. SSL.DLL must be deployed alongside SFTPCOMInterface.DLL on the remote computer. When you connect from a remote administration interface, an SSL Certificate dialog box appears in which you must accept the certificate to continue. If you reject the certificate, the User Connect Failed Event is triggered with the Event Reason of "Client SSL Certificate was rejected."
If you are not installing the administrative interface and plan to use the COM API for remote administration, you will have to create a folder on the remote computer for the DLL files and register the DLLs using Regsvr32. Refer to Remotely Administering EFT Server Using the COM API in the COM API reference for details.
Refer to FAQs About Remote Administration for several facts and caveats to consider regarding remote administration.
|
|
Remote administration is not allowed after the trial expires if you do not activate the software. |
|
|
If you are using SQL Express as your database, you may not be able to generate a report remotely, unless the connecting account is a trusted SQL Server connection (e.g., if SQL Server and the remote computer are in the same domain, or if SQL Server is configured to allow "mixed authentication.") |
What you can't do remotely:
File browse operations are disabled. You can, however, type a path that is relevant to the EFT Server computer (not the remote interface). For example, when you create a Command or a Monitor Folder Event Rule remotely, you can't click the folder icon and browse to the path of the file that you want to execute or the folder that you want to monitor on the EFT Server computer, but you can type the path. (No verification is done on the path that you type.)
SSL certificates cannot be created or managed remotely.
Before you can connect from the remote administration interface, you must:
Configure the Server. You must do this locally, on EFT Server computer.
Configure remote administration, as described below.
If you have configured remote administration, but are unable to connect, one or more of the following could be preventing the connection:
The IP address of the computer on which you are attempting to connect to EFT Server is listed in the Remote Administration Ban IP list.
Your SSL certificate is expired or invalid.
The Allow remote administration check box has been cleared.
The remote administration port value has changed.
EFT Server’s IP address has changed since the last login.
The firewall settings of the computer on which EFT Server is installed are blocking the connection.
There is a version mismatch between your administration interface and the EFT Server service you are trying to administer.
The account with which you are attempting the remote connection does not have access permission to EFT Server.
Network errors
The following topics describe:
To configure EFT Server for remote administration
Launch the administration interface on EFT Server computer and connect to EFT Server you want to configure for remote administration. (You cannot setup remote administration remotely.)
In the right pane, select the Administration tab.
In the Server administrator listening IP box, specify the IP address that is allowed to connect remotely. You can select a specific IP address that is defined on the computer on which EFT Server is installed or All Incoming IP addresses. (For command-line login, the EFT Server administrator listening IP address must be set to a specific IP address, not All Incoming.)
In the Port box, specify the port on which EFT Server listens for connections. 1100 is the default port. For security, you should use a different port other than the default.
Select the Allow remote administration check box. A warning message appears advising you to connect over SSL for more secure administration.
|
|
If you attempt to allow remote administration on a PCI DSS Site, a message appears to warn you that this setting violates PCI DSS 2.3, and allows you to continue with reason or disable the feature. |
Click Yes to set up secure administration or No to administer over a clear (not secure) connection.
To require SSL for remote connections, click the Require SSL for remote administration check box, then click Configure. The SSL Certificate Settings dialog box appears.
Do one of the following:
To create a certificate, click Create and follow the prompts in the wizard. (Refer to Creating Certificates for details, if necessary.)
To use an existing certificate:
In the Certificate box, type the path to the .crt file or click the folder icon 
to find and select it.
In the Private key box, type the path to the .key file or click the folder icon to find and select it.
In the Passphrase box, type the passphrase for the certificate pair.
Click OK to close the dialog box.
Click Apply to save the changes on EFT Server.
Close the administration interface. Make sure that the EFT Server service is still running, then configure the remote administration interface using the procedure below.
To configure the remote administration interface
Launch the administration interface on the remote computer.
Click the Server tab.
Specify EFT Server Group to which you want to add the remote server.
On the File menu, click Add New Server. The Login wizard New Administrator Connection page appears.
Click A remote computer.
In the Label box, type the name of EFT Server to which you want to connect. You can call it anything you want; it has nothing to do with EFT Server's computer name.
In the Host address box, type the IP address of EFT Server computer.
In the Port box, type the port number used by EFT Server.
Click Next. The EFT Server Administrator Login page appears.
Click A remote computer, then click its name (the label you gave EFT Server in step 6) in the box.
In the EFT Server administrator credentials area, provide your Username and Password, then click Connect.
If SSL is required for remote administration, a Server Certificate dialog box appears.
Accept or reject the SSL certificate from the remote EFT Server by clicking Trust Once (just for this session), Trust Always (for this and future connections, provided the SSL certificate does not change), or Reject (do not accept the certificate and do not connect to the server). (To undo a trust-always certificate, delete the appropriate trusted certificate file(s), stored in the %AppData% directory as Cert_for_<ip>.crt.)
If connection was successful, the remote Server appears in the tree.
If connection was not successful, verify the IP address and port on which EFT Server listens for connections, and ensure that SSL is properly configured on EFT Server, if used.
EFT Server allows you to remotely administer it from any computer with network access. You can administer EFT Server with the administration interface (AI) or using the COM API. Below are several facts and caveats to consider regarding remote administration.
You do not need a separate license for each installation of the AI.
When you install the AI remotely, SSL.DLL and SFTPCOMInterface.DLL are also installed. If you plan to administer EFT Server remotely with the COM API, you will have to copy the applicable DLL files to a folder on the remote computer and register them using regsvr32 (described above).
SSL certificates cannot be created or managed remotely. You are prohibited from creating certificates for EFT Server while remotely administering EFT Server because this Action can create a security breach. Any certificates you create remain on the computer on which you created them, unless you take steps to deliver and associate these files with another computer.
Organizations complying with the PCI DSS are required to use SSL for remote administration. If you attempt to allow remote administration on a PCI DSS Site without SSL, a message warns you that this setting violates PCI DSS 2.3, and allows you to continue with reason or disable the feature.
EFT Server must have remote administration enabled if the SAT module is installed on a separate computer.
File browse operations are disabled for remote administration. You can, however, type a path that is relevant to the EFT Server computer (not the remote interface). You are able to browse for a Settings Template folder, because you are browsing the VFS, not the physical folders.
OpenPGP keys cannot be created or managed remotely.
When the trial period has expired, all remote connections are disallowed.
You cannot activate the server or modules through a remote installation of the AI.
You cannot configure remote administration remotely.
You must configure the local connection before you can configure a remote connection.
When you are upgrading, remember to upgrade any remote installations of the AI to the same version.
For remote Active Directory connections, the connecting account must have access to the computer on which EFT Server is installed.
You can select AD accounts when performing remote administration as long as the administration interface and EFT Server are in the same domain or working across trusted domains.
You can login using the EFT Server computer's local administrator credentials from a command line or a Windows shortcut, using the EFT Server listening IP address and port.
You should restrict remote administration to one or more known static IP addresses.
By default, all IP addresses are granted remote access to EFT Server. EFT Server allows you to grant access to only one specific IP address or a range of IP addresses, or deny access to one specific address or a range of addresses.
For command-line login, the EFT Server listening IP address must be set to a specific IP address, not All Incoming. Remote administration must be configured and EFT Server must be in the same domain as the computer from which you are attempting to log in.
Before attempting to connect to a remote EFT Server, first be sure that the remote EFT Server service is running, and that it allows remote administration.
If you are logged in to EFT Server remotely, your username and password are passed to the Windows System Services on the computer running EFT Server. The account that you log on with must have administrative rights to make any changes to the GlobalSCAPE EFT Server service running on that computer.
If you are using SQL Express as your database, you may not be able to generate a report remotely, unless the connecting account is a trusted SQL Server connection (e.g., if SQL Server and the remote computer are in the same domain, or if SQL Server is configured to allow "mixed authentication.")
When objects are created, added, removed, modified, enabled, disabled, started, or stopped remotely, the action is logged to the database and reported in the Administrator Actions Log. (Administrator actions logging requires the HSM and ARM.)
The EFT Server variable for remote EFT Server connections is %CONNECTION.REMOTE_IP%.
If you are unable to connect to a remote server, verify that the remote server is configured to allow remote administration, and that you have provided the correct IP address, port, and login information.