Configuring EFT Server

After you follow the procedures in Installing and Activating the Software, the next step is to log in to EFT Server via the Server interface, called the Administrator Interface, and configure the client connections to EFT Server.

When you connect to EFT Server for the first time, you must configure it on the computer on which the EFT Server service is installed. After you have created the local connection and enabled remote connections, you can connect to and administer EFT Server remotely.

Even if you plan to restore the Server from a backup, you must still create the initial Server object in the Administrator interface.

Anytime you connect to the GlobalSCAPE Server service, if no Servers have been defined, the Server Setup wizard Welcome page appears. The Server Setup wizard guides you through EFT Server configuration. The wizard helps you configure Server-specific options such as allowing remote administration. After the brief Server Setup wizard is completed, you have the option to run the Site Setup wizard to configure a Site, and then the User Setup wizard to configure a user.

You may cancel out of the Server Setup wizard anytime by clicking Cancel or the X in the upper right corner; however, any settings made through the wizard are discarded, except for keys/certificates added to the key manager (by creating or importing).

You will need the following information to create and configure a Server:

To configure EFT Server

  1. Do one of the following:

  2. Do one of the following:

  3. Click Next. The Server Setup wizard Welcome page appears.

  4. Click Next. The FIPS Options page appears.

  5. When you enable FIPS mode, the ciphers, keys, and hash lengths and types that are not FIPS approved are not available. If a FIPS-approved state cannot be achieved when FIPS is enabled, the EFT Server service is stopped and an error is written to the Windows Event Log.

  6. Click Next. The Remote Administration page appears.

  7. Click Next. If you chose remote administration, the Secure Remote Administration page appears.

  8. Administrator account credentials are transmitted in plaintext unless SSL is enabled. Organizations complying with the PCI DSS are required to use SSL for remote administration. To enable secure remote administration, select the Use SSL for secure remote administration check box, then click Next. The SSL Certificate Options page appears.

  9. Do one of the following:

  10. Click Next. The Limit Remote Administrator IP Addresses page appears.

  11. You should restrict remote administration to one or more known static IP addresses. You can configure this later and allow all IP addresses to connect for now. Otherwise, specify whether to Deny access to all remote IP addresses except for those you specify or Grant access to all remote IP addresses except for those you specify, then add the IP address exceptions to the list.

    1. Click GRANT access or DENY access, then click Add. The IP Mask dialog box appears.

    2. Specify the IP address or range of IP addresses to deny or grant access to the Site. You can use wildcards to select ranges of IP addresses.

    3. Click OK to close the IP Mask dialog box. The IP address/mask appears in the Admin IP addresses filter box.

  12. Click Next. The Auditing and Reporting page appears.

  13. If you are using Auditing and Reporting, select the Enable auditing check box, then provide the information required to connect to the ARM database as described below. Otherwise, skip to the next step. (Auditing and reporting is a requirement of the PCI DSS.)

    1. In the Database type area, specify whether you are using SQL Server or Oracle for the auditing database. (Oracle available in EFT Server Enterprise only.)

    2. In the Host[\Instance Name] box, type EFT Server name or IP address.

      If you are using SQL Server as the Auditing Database, \InstanceName corresponds to SQL Server's notion of named instances, a feature that allows a given computer to run multiple instances of the SQL Server Database Service. For more information, refer to http://msdn2.microsoft.com/en-us/library/ms165614.aspx.

    3. In the Username and Password boxes, type the username and password used to connect to the database (not the EFT Server credentials).

    4. In the Database Name box, type the name of the database.

    5. In the Audit failure notification e-mail address box, type the e-mail address to which EFT Server is to send database connection error notifications. You can add as many e-mail addresses as needed; separate the addresses with a comma or semicolon. EFT Server uses its global SMTP e-mail settings from the SMTP Configuration to send the e-mails. You will configure those settings on the next page.

    6. In the In case of audit database error area, specify an action for EFT Server to take if there is an error with the database. To stop recording data, select Stop auditing. To continue recording data to a file, select Audit to folder, and specify the location for the log file.

    7. UNC paths are supported. The GlobalSCAPE Server service must run on a computer that has access to the network share, and the full UNC path must be used, that is: \\xcvd.forest.intranet.xc\Common_Files, not G:\Common.

  14. Click Next. The specify SMTP Server Settings page appears.

  15. In the From e-mail address box, specify the e-mail address for e-mail notifications (such as those triggered by Event Rules). This is the address that appears in the From box of e-mails sent by EFT Server. For example, type noreply@serverhost.com.

  16. In the SMTP host address boxes, specify the SMTP server host address and port.

  17. If the SMTP server requires authorization, select the check box and provide the Username and Password.

  18. Click Next. Server Setup is complete.

  19. You are offered the option of continuing to the Site Setup wizard, or quitting the wizard, saving EFT Server settings, and configuring the Site(s) later. You must configure at least one Site to service inbound connections to EFT Server.

  20. Click an option, then click Finish. If you chose FIPS mode for SSL and/or SSH, prompts appear explaining that EFT Server has entered FIPS mode. Click OK to dismiss the prompts.

  21. If you chose Run the Site Setup wizard now, the Site Setup wizard Welcome page appears.

  22. Refer to Defining Connections to EFT Server for the procedure for configuring the Site. The procedure differs depending on the user authentication type you choose.

Related Topics

Server Setup Wizard

Remote Administration

Enabling FTPS, HTTPS (SSL) at the Site Level

Assigning a Certificate

Introduction to the PCI DSS HS Module