Less VPN, more Cloud!
Find out how the coronavirus (SARS-CoV-2) accelerates the use of cloud solutions and what challenges this poses for system administrators:
Working from home is becoming an increasingly important topic, and not only during the ongoing corona pandemic. Because they allow quick action, especially in emergency situations, cloud solutions are becoming increasingly attractive.
Cloud solutions should enable simple and secure remote access with flexible functions - without the need for complex VPN configuration.
We at G DATA CyberDefense also take this topic very seriously. Below we show you how to optimally secure your company even in critical situations and show cyber criminals a virtual STOP sign.
What does this mean exactly when using the G DATA Endpoint Security solution?
With the G DATA Endpoint Security solutions, we offer flexible software, even for remote workstations in the home office.
Generally, security clients receive the latest signature updates even without a direct connection to the management server (provided this function is set up - see below).
In this case, however, the administrator does not receive any information about incidents or requests via the G DATA ManagementServer. The clients are thus flying "blind". This problem is solved by making a management server publicly accessible (this applies to both main and secondary servers).
If a management server is publicly accessible, policies can still be easily distributed to your home office computers. Web content filters, which are often implemented via firewalls or web application proxies (and thus no longer work), can be enforced on every computer with G DATA Endpoint Protection and web content control.
We also offer the G DATA ManagementServer directly as a cloud solution: G DATA Managed Endpoint Security powered by Microsoft Azure.
Setting up your G DATA ManagementServer and the associated clients correctly:
If your G DATA ManagementServer is not publicly accessible and you do not want this to change in the future, you must ensure that the signature updates are carried out independently and automatically by the G DATA Security Clients.
The following settings can be found in the General Client Settings in the G DATA Administrator.
If your G DATA ManagementServer is to be accessed from the internet in future, the public name or public IP must be published to the G DATA clients.
These are the necessary steps:
- Insert the public name or the public IP into the SQL database. The following example uses sqlcmd on a G DATA standard installation:
sqlcmd.exe -S .\GDATA2014 -d GData_AntiVirus_MMS -Q"INSERT INTO server (Parameter, Value1) VALUES ('ServerNamesForAgents','myserver.mydomain.tld')"
myserver.mydomain.tld corresponds to the public name you have defined. The instance name ".\GDATA2014" and the database name "GData_AntiVirus_MMS" can be looked up on your G DATA ManagementServer in the configuration file "C:\Program Files (x86)\G Data\G DATA AntiVirus ManagementServer\config.xml" in the entries "DBServer" and "Database".
- All computers which still have an active connection to your G DATA ManagementServer will now automatically receive the second server name as a fallback.
- Now create a new installation package which contains both your internal server name and the name you have publicly defined for all future installations. You create the package in the G DATA Administrator in the menu "Organisation" > "Manage installation packages" > "+".
- Connections which arrive at the public name or the public IP on port TCP/7161 must be routed to the G DATA server in the next step. This can be done via port forwarding to the internal server or a second G DATA management server in your DMZ. Setting up a second server in the DMZ requires further steps. Our support team will be pleased to help you with this: https://www.gdatasoftware.com/support
- Computers that are already out of range will unfortunately not receive the change automatically until they are back in your network or VPN. The change can also be made manually in the Windows Registry of the affected system. Execute the following command in a command prompt (CMD) on the affected system:
reg add "HKLM\Software\G Data\AVKClient" /reg:32 /v SecondaryServer /t REG_SZ /d myserver.mydomain.tld /f
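The following PowerShell script is an added example, not part of G DATA's documentation. On a home office client it checks that the SecondaryServer value written by the reg command above is present in the 32-bit registry view and that the public name resolves and accepts connections on TCP port 7161. The function names and the -OnServer switch are hypothetical; the optional database query assumes the table and column names from the sqlcmd command above.

```powershell
param(
    [string]$PublicName = 'myserver.mydomain.tld',   # placeholder name from the page
    [int]$Port = 7161,                                # ManagementServer port from the page
    [switch]$OnServer                                 # also query the database (run on the ManagementServer)
)

function Get-SecondaryServer {
    # reg.exe /reg:32 writes to the 32-bit registry view, so read that view explicitly.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry32)
    try {
        $key = $base.OpenSubKey('Software\G Data\AVKClient')
        if ($null -eq $key) { return $null }          # key missing: value was never written
        try { return $key.GetValue('SecondaryServer') } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

function Test-PublicServer {
    param([string]$Name, [int]$Port)
    $r = [ordered]@{ Name = $Name; Addresses = @(); PortOpen = $false }
    try {
        $r.Addresses = @([System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.ToString() })
    } catch { }                                       # name does not resolve from this network
    if ($r.Addresses.Count -gt 0) {
        $r.PortOpen = (Test-NetConnection -ComputerName $Name -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
    }
    [pscustomobject]$r
}

function Get-ServerNamesForAgents {
    # Instance and database defaults are the standard-installation values shown on the page.
    param([string]$Instance = '.\GDATA2014', [string]$Database = 'GData_AntiVirus_MMS')
    & sqlcmd.exe -S $Instance -d $Database -h -1 -W -Q `
        "SET NOCOUNT ON; SELECT Value1 FROM server WHERE Parameter = 'ServerNamesForAgents'"
}

$configured = Get-SecondaryServer
if ($configured -ne $PublicName) {
    Write-Warning "SecondaryServer is '$configured', expected '$PublicName'."
}
$check = Test-PublicServer -Name $PublicName -Port $Port
$check | Format-List
if (-not $check.PortOpen) {
    Write-Warning "TCP/$Port on $PublicName is not reachable: check DNS and the port forwarding."
}
if ($OnServer) { Get-ServerNamesForAgents }           # more than one row: the INSERT ran more than once
```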
If you have further questions, G DATA Support will help you as usual.
You can find all contact details at: https://www.gdatasoftware.com/support
Whitepaper: Configure the ManagementServer for home office clients