When the Internet Gateway package is prepared you have to install it onto your DMZ Server.
See theDMZ Server Network/Firewall Requirementssection for more details on network and firewall configurations for the DMZ Server.
1. Interactively login to the DMZ Server in the perimeter network with local administrative privileges. 2. Copy the generated Internet Gateway Package to your hard drive and start the installation.
If, on starting the installation, you see the Windows Installer warning message (see figure below), then you are trying to deploy the Internet Gateway x86 package on x64 processor.Ensure the Internet Gateway package is generated to meet your x64 process type.
Windows Installer warning message.
NOTE:For systems with User Account Control (UAC) functionality turned on, the installation process must be run with elevated privileges. If you are logged into the system under a custom administrator account (such as [email protected] with a unique relative id) rather than the default Administrator user account (a well-known alias such as [email protected] with a well-known relative ID (RID) of 500), you must accept the User Account Control (UAC) prompt. Please be sure to start the
Internet Gateway installation under the elevated process. Click Start and type “command” (without quotes) into the Start Search box. Right click on the Command Prompt item and select Run as administrator from the context menu. Click Continue to start the command prompt.
Type:
cd /d <package_path>
(substitute<package_path>with the Internet Gateway package location) Press <Enter>
Type: rsc
Press <Tab> to locate the Internet Gateway installation package. Hit enter to start the Internet Gateway installation.
3. On theWelcome to the Internet Gateway Installationwizard page specify the program folder on the DMZ Server where you want the Internet Gateway components be installed to.
Figure 18: Specifying the RSC Internet Gateway package program folder.
ClickNextwhen ready to move to the next page.
Figure 19: Specifying network interfaces and ports to listen on.
Select theNAToption and specify the NAT device external IP address if you have a NAT device configured in your perimeter network and you want to make the Internet Gateway visible from outside the NAT. This enables the Internet Gateway to listen on all available network interfaces on the DMZ Server. It will accept connections from RSC clients and user browsers on all DMZ Server interfaces and also make remote computers aware of the publicly visible DMZ Server IP address specified in the edit box (address of the NAT device). On top of that, the Internet Gateway will listen on all interfaces for incoming connections from the RSC Server.
However, you can configure the Internet Gateway to listen on a specific interface by selecting the Select IPoption and choosing the interface IP address from the drop-down list. This enables the Internet Gateway to accept connections from user browsers and RSC Client Computers on the selected IP. The Internet Gateway will listen for incoming connections from the RSC LAN Gateway on all DMZ Server network interfaces.
Specify the port that the RSC Client software is installed to on the remote computers and the remote users’ browsers will be connecting to.
By default, the RSC client management software connects to TCP port 443 on the DMZ Server. This port is used by the RSC Client to notify the RSC user that the remote computer is available for management. If necessary, you can change this port by specifying custom port in theEnter the TCP portedit box. The same port 443 is used to directly connect to Internet Gateway via the browser from external (WAN) networks. This port is used to proxy connections from remote browser clients to the IIS web site when the RSC Server is not directly accessible. By default, the RSC Gateway listens for incoming connections from browsers on the SSL default port 443. This allows accessing the website via HTTPS protocol without specifying the port in the URL. A custom port can be specified if need be.
If the specified port is already used by other applications running on the DMZ Server, the wizard will warn you. To proceed with the Internet Gateway installation, release the port for the Internet Gateway or specify a different non-conflicting port.
If the Internet Gateway package was generated with an IP address of the interface that is not present on DMZ Server, the installation wizard will warn you with the corresponding message box. When
generating/installing the RSC Internet Gateway package, ensure it corresponds to the IP address of the DMZ server.
Figure 20: DMZ installation wizard warns you about non-existing interface.
This address is used by RSC in the LAN to establish a connection to the Internet Gateway. ClickYesto enable the Internet Gateway to be aware of connections from the NAT. This will make the LAN Gateway connect to the Internet Gateway via the DMZ Server’s NAT device IP address specified in the message box. Otherwise click No to exit the Internet Gateway installation.
After clicking No, make sure to generate the new DMZ package via the RSC Console specifying the IP address of an interface present on the DMZ Server. Install the newly generated package.
When running setup, the installation wizard will check if the machine is running the Windows Firewall service and will either automatically configure the firewall rules for the specified ports to allow RSC server/client communication or, if fails, ask you to execute it manually.
(For Windows Server 2003) If the ports specified are already on the Exceptions list for another program/service, the RSC will override the existing port entries.
ClickYesto allow configuration and proceed. Or, clickNoto reject automatic firewall configuration and perform it manually later after RSC setup.
Figure 21: The Internet Gateway setup wizard is asking permission to automatically configure the Windows Firewall rules on the machine with Windows firewall turned on.
If the Windows Firewall is turned off or other than the Windows firewall protects your machine, you will see the message informing you to open the ports for TCP inbound traffic through the firewall.
NOTE: Make sure that Windows Firewall is not configured to deny any connection through firewall (the “Don’t allow exceptions” (for MS Windows Server 2003) and “Block all connections” (for MS Windows Server 2008/2012) options are chosen). In this case RSC does not override these settings automatically and RSC components communication is blocked by firewall.
ClickNextto continue with the installation when ready. 5. Wait while the wizard installs the Internet Gateway.
Once deployed, the Internet Gateway becomes available for remote clients within a moment. You can now check its status by opening the RSC Management Console right from the DMZ Sever.
To open the RSC Management Console and check the Internet Gateway status:
1. Start the browser and type in the URL into the address bar based on the following template: https://DMZServerAddress:Port/RSCVirtualDirectory/
Table 2: Template's legend.
Pattern Description
DMZServerAddress IP address or DNS Name of the DMZ Server DMZ or
DMZ.mydomain.com Port Browser’s TCP port defined during Internet Gateway
installation 443 (default RSC port) or a custom port such as 49153 RSCVirtualDirectory IIS Virtual Directory defined for RSC Management Console
during product installation on the RSC Server.
RSC
NOTE:If you stick with the default SSL port, you may skip defining the TCP port explicitly. Use the address:
https://DMZServerAddress/RSCVirtualDirectory/
2. Type in your domain credentials on the login page and clickLoginto log in.
NOTE:Make sure to allow the DMZ Server access to RSC. If you do not have the DMZ Server IP address defined in the security filter list within RSC, you will be denied access to the RSC Management Console home page.
Make sure to add your domain account that you will use to log into RSC from the DMZ Server to the RSC Administrators list.
(Refer to theRemote Support Center Administrator’s Guide). 3. ClickView statusto open theApplication Statuspage.
Figure 22: Internet Gateway is installed and available online.
This indicates that RSC has been successfully enhanced to fit your infrastructure. You can now access the RSC from external computers via your DMZ Server and gain other productivity delivered by Global Model.
TheLAN -> DMZ row specifies the IP address and port used on the DMZ Server to accept connections from RSC Server on the port specified in the Portcolumn. These connections are initiated by the LAN Gateway.
TheInternet -> DMZrow specifies the IP address and port used on the DMZ Server to accept connections from internet on the port specified in thePortcolumn. These connections generally initiated by RSC Clients and RSC Users’ Browsers running on computers on the internet.
RSC uses an intelligent technique to refresh all the remote computers deployed with RSC Clients to make them aware of the newly added Internet Gateway. Once an RSC Client connects to the LAN Gateway, client’s configuration will be immediately updated to include the IP address and port of the Internet Gateway as specified during the package deployment.