Remote Administration

You can remotely administer EFT Server from any computer on which the Administrator is installed (with network access). If you are using SSL, you must create and/or assign an SSL certificate to use for connections. (If you are not installing the administrative interface and plan to use the COM API for remote administration, you will have to create a folder on the remote computer for the DLL files and register the DLLs using Regsvr32. Refer to Can you remotely administer EFT Server without the administrator interface? below for details.)

Before you can connect from the remote Administrator, you must:

1. Configure the Server. You must do this locally, on EFT Server computer.

2. Configure remote administration, as described below.

If you have configured remote administration, but are unable to connect, one or more of the following could be preventing the connection:

• The IP address of the computer on which you are attempting to connect to EFT Server is listed in the Remote Administration Ban IP list.

• Your SSL certificate is expired or invalid.

• Remote administration has been disabled.

• The remote administration port value has changed.

• EFT Server’s IP address has changed since the last login.

• The firewall settings of the computer on which EFT Server is installed are blocking the connection.

• There is a version mismatch between your console and the EFT Server service you are trying to administer.

• Other network errors

To configure EFT Server for remote administration

1. Launch the Administrator on EFT Server computer and connect to EFT Server you want to configure for remote administration. (You cannot setup remote administration remotely.)

2. In the right pane, select the Administration tab.



3. In the Server administrator listening IP box, specify the IP address that is allowed to connect remotely. You can select a specific IP address that is defined on the computer on which EFT Server is installed or All Incoming IP addresses.

4. In the Port box, specify the port on which EFT Server listens for connections. 1100 is the default port. For security, you should use a different port other than the default.

5. Select the Allow remote administration check box. A warning message appears advising you to connect over SSL for more secure administration.

If you attempt to allow remote administration on a High Security Site, a message appears to warn you that this setting violates PCI DSS 2.3, and allows you to continue with reason or disable the feature.

6. Click Yes to set up secure administration or No to administer over a clear (not secure) connection.

7. To require SSL for remote connections, click the Require SSL for remote administration check box, then click Configure. The SSL Certificate Settings dialog box appears.



8. Do one of the following:

   • To create a certificate, click Create and follow the prompts in the wizard. (Refer to Creating Certificates for details, if necessary.)

• To use an existing certificate:

1. In the Certificate box, type the path to the .crt file or click the folder icon to find and select it.

2. In the Private key box, type the path to the .key file or click the folder icon to find and select it.

3. In the Passphrase box, type the passphrase for the certificate pair.

9. Click OK to close the dialog box.

10. Click Apply to save the changes on EFT Server.

11. Close the Administrator. Make sure that the EFT Server service is still running, then configure the remote Administrator using the procedure below.

To configure the remote Administrator

1. Launch the Administrator on the remote computer.

2. In the left pane, select the Server tab.

3. Specify EFT Server Group to which you want to add the remote server.

4. On the File menu, click Add New Server. The Login wizard New Administrator Connection page appears.



5. Click A remote computer.

6. In the Label box, type the name of EFT Server to which you want to connect. You can call it anything you want; it has nothing to do with EFT Server's computer name.

7. In the Host address box, type the IP address of EFT Server computer.

8. In the Port box, type the port number used by EFT Server.

9. Click Next. The EFT Server Administrator Login page appears.



10. Click A remote computer, then click its name (the label you gave EFT Server in step 6) in the box.

11. In the EFT Server administrator credentials area, provide your Username and Password, then click Connect.

• If connection was successful, the remote Server appears in the tree.

• If connection was not successful, verify the IP address and port on which EFT Server listens for connections, and be sure SSL is properly configured, if used.

Can you remotely administer EFT Server without the administrator interface?

Yes, you can remotely administer EFT Server using the COM API. You will have to copy the applicable DLL files to a folder on the remote computer and register them using regsvr32.

To remotely administer EFT Server with the COM API when the EFT Server administrator interface is not installed

1. Copy the following DLL files from C:\Program Files\GlobalSCAPE\EFT Server Enterprise (or \EFT Server) to a directory on the remote computer:

• SSL.DLL (If you plan to use SSL.)
• SSLFIPS.DLL (If you plan to use FIPS SSL)
• SFTPCOMInterface.DLL (You need this to use the COM API.)

2. In the directory on the remote computer in which you copied the files, run regsvr32 to register the SFTPCOMInterface.DLL on the computer. For example, type:

Regsvr32.exe SFTPCOMInterface.DLL

For more information about the Regsver Tool, refer to Explanation of Regsvr32 usage and error messages on the Microsoft Support site.