Remote Administration FAQ
EFT allows you to administer it remotely from any computer with network access. You can administer EFT with the administration interface (AI) or using the COM API. Below are several facts and caveats to consider regarding remote administration.
- If you are remotely connected to EFT via DMZ Gateway and make a change to the EFT<->DMZ Gateway settings, including disconnecting EFT from DMZ Gateway, the active session will not be affected. If/when you attempt to reconnect to EFT via DMZ Gateway, you will experience the effects of any changes.
- File browse operations are disabled. However, you can type a path that is relevant to the EFT computer (not the remote interface). For example, when you create a Command or a Monitor Folder Event Rule remotely, you can't click the folder icon and browse to the path of the file that you want to execute or the folder that you want to monitor on the EFT computer, but you can type the path. (No verification is done on the path that you type.) You are able to browse for a Settings Template folder, because you are browsing the VFS, not the physical folders.
- SSL and SSH certificates cannot be created or managed remotely. You are prohibited from creating certificates for EFT while remotely administering EFT because this action can create a security breach. Any certificates you create remain on the computer on which you created them, unless you take steps to deliver and associate these files with another computer. When you remotely connect to EFT Server, you will be prompted to Trust or Reject the server certificate.
- OpenPGP keys cannot be created or managed remotely.
- You do not need a separate license for each installation of the administration interface.
- When you install the AI remotely, SSL.DLL and SFTPCOMInterface.DLL are installed in C:\Program Files\Common Files\Globalscape\SFTPCOMInterface on the remote computer.
- Organizations complying with the PCI DSS are required to use SSL for remote administration. If you attempt to allow remote administration on a high security-enabled Site without SSL, a message warns you that this setting violates PCI DSS, and allows you to continue with reason or disable the feature.
- When the trial period has expired, all remote connections are disallowed.
- You cannot activate the server or modules through a remote installation of the administration interface.
- You cannot configure remote administration remotely.
- You must configure the local connection before you can configure a remote connection.
- When you are upgrading, remember to upgrade any remote installations of the administration interface to the same version.
- For remote Active Directory connections, the connecting account must have access to the computer on which EFT is installed.
- You can select AD accounts when performing remote administration as long as the administration interface and EFT are in the same domain or working across trusted domains.
- You can log in using the EFT computer's local administrator credentials from a command line or a Windows shortcut, using the EFT listening IP address and port.
- You should restrict remote administration to one or more known static IP addresses.
- By default, all IP addresses are granted remote access to EFT. EFT allows you to grant access to only one specific IP address or a range of IP addresses, or deny access to one specific address or a range of addresses.
- For command-line login, the EFT listening IP address must be set to a specific IP address, not All Incoming. Remote administration must be configured and EFT must be in the same domain as the computer from which you are attempting to log in.
- Before attempting to connect to a remote EFT, first be sure that the remote EFT service is running, and that it allows remote administration.
- If you are logged in to EFT remotely, your username and password are passed to the Windows System Services on the computer running EFT. The account that you log on with must have administrative rights to make any changes to the Globalscape EFT service running on that computer.
- If you are using SQL Express as your database, you may not be able to generate a report remotely, unless the connecting account is a trusted SQL Server connection (for example, if SQL Server and the remote computer are in the same domain, or if SQL Server is configured to allow "mixed authentication").
- When objects are created, added, removed, modified, enabled, disabled, started, or stopped remotely, the action is logged to the database.
- The EFT variable for remote EFT connections is %CONNECTION.REMOTE_IP%.
- If you are unable to connect to a remote server, verify that the remote server is configured to allow remote administration, and that you have provided the correct IP address, port, and login information.
What you can't do remotely:
- File browse operations are disabled. However, you can type a path that is relevant to the EFT computer (not the remote interface). For example, when you create a Command or a Monitor Folder Event Rule remotely, you can't click the folder icon and browse to the path of the file that you want to execute or the folder that you want to monitor on the EFT computer, but you can type the path. (No verification is done on the path that you type.)
- SSL and SSH certificates cannot be created or managed remotely.
Before you can connect from the remote administration interface, you must:
- Configure the Server. You must do this locally, on the EFT computer.
- Configure remote administration, as described below.
If you have configured remote administration, but are unable to connect, one or more of the following could be preventing the connection:
- The IP address of the computer from which you are attempting to connect to EFT is listed in the Remote administration Ban IP list.
- Your SSL certificate is expired or invalid.
- The Allow remote administration check box has been cleared.
- The remote administration port value has changed.
- EFT’s IP address has changed since the last login.
- The firewall settings of the computer on which EFT is installed are blocking the connection.
- There is a version mismatch between your administration interface and the EFT service that you are trying to administer.
- The account with which you are attempting the remote connection does not have access permission to EFT.
- Network errors.
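A pre-flight script for the checklist above, added here as an example and not taken from Globalscape's documentation. It assumes the COM API's SFTPCOMInterface.CIServer object and its Connect(host, port, user, password) method; $EftHost and $AdminPort are placeholders for your server's listening IP address and remote administration port.

```powershell
# Added example: separates network-level failures from EFT-level refusals
# when a remote administration connection does not come up.
param(
    [Parameter(Mandatory)] [string] $EftHost,    # placeholder: EFT listening IP address
    [Parameter(Mandatory)] [int]    $AdminPort   # placeholder: remote administration port
)

# 1. Network path: a failure here points to firewall settings, a changed
#    EFT IP address, a changed administration port, or a network error.
$tcp = Test-NetConnection -ComputerName $EftHost -Port $AdminPort -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "TCP connection to ${EftHost}:$AdminPort failed; check firewall, IP address and port."
    return
}
# The local source address is the one to look for in the Ban IP list
# (a NAT device in between may present a different address to EFT).
"TCP connection succeeded from local address $($tcp.SourceAddress.IPAddress)."

# 2. Client files: report the versions installed with the remote interface so
#    they can be compared with the EFT service version (version mismatch).
$dir = 'C:\Program Files\Common Files\Globalscape\SFTPCOMInterface'
foreach ($name in 'SSL.DLL', 'SFTPCOMInterface.DLL') {
    $file = Get-Item -Path (Join-Path $dir $name) -ErrorAction SilentlyContinue
    if ($file) { "$name file version: $($file.VersionInfo.FileVersion)" }
    else       { Write-Warning "$name not found in $dir" }
}

# 3. Application-level login through the COM API. Credentials are prompted for,
#    never stored in the script. CIServer/Connect usage is an assumption (see lead-in).
$cred   = Get-Credential -Message 'EFT administrator account'
$server = New-Object -ComObject 'SFTPCOMInterface.CIServer'
try {
    $server.Connect($EftHost, $AdminPort, $cred.UserName,
                    $cred.GetNetworkCredential().Password)
    'Login succeeded: remote administration is enabled and the account has access.'
} catch {
    Write-Warning "Login refused: $($_.Exception.Message)"
    'Check on the EFT computer: Allow remote administration, the Ban IP list,'
    'the account''s access permission, and the SSL certificate validity.'
} finally {
    # Release the COM object so no session handle lingers on the client.
    [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($server)
}
```

Save the block as a .ps1 file and run it from the computer where the remote administration interface is installed, since step 2 inspects that computer's files.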
The following topics describe:
- How to configure EFT for remote administration
- How to configure the remote administration interface
- FAQs About Remote administration