How-to


Changelog


Troubleshooting


Privacy policy for enterprise solutions



Page tree
Skip to end of metadata
Go to start of metadata

Configuration of the ManagementServer for remote work

G DATA Endpoint Security solutions offer flexible software, even for distributed remote workstations working from home.

The first question that should be clarified: how can the contact to the G DATA ManagementServer be realized?

In principle, security clients get the latest signature updates even without a direct connection to the G DATA ManagementServer (as long as this function is set correctly - G DATA SecurityClients load their signatures directly from the G DATA update servers). In this case, however, the administrator does not receive any information about incidents or requests via G DATA ManagementServer. The clients are on the way thus "flying blind". There are also some functional limitations associated with this. For example, the G DATA Firewall would not be installable without the G DATA ManagementServer.

The public accessibility of the G DATA ManagementServer (both Main- and SecondaryServer) solves these issues.

The following scenarios are possible:

  • No contact with the G DATA ManagementServer possible (not recommended).
  • The G DATA ManagementServer is located on an internal network - it can be reached via a public IP or DynDNS and port forwading.
  • The G DATA ManagementServer is located in a DMZ and can be reached directly via a public IP.
  • There is no way to make your own G DATA ManagementServer reachable from the outside.
There is a publicly accessible G DATA ManagementServer available

First, the public name or IP of the selected G DATA ManagementServer must be published to the G DATA clients:

Store your public IP or DNS name in the G DATA Management Server database via cmd:

  • myserver.mydomain.tld corresponds to the public name or IP.
  • You can view the instance name ".\GDATA2014" as well as the database name "GDATA_Antivirus_MMS" in the configuration file on your G DATA ManagementServer: The file config.xml
sqlcmd.exe -S .\GDATA2014 -d GData_AntiVirus_MMS -Q"INSERT INTO server (Parameter, Value1) VALUES ('ServerNamesForAgents','myserver.mydomain.tld')"

All computers that still have an active connection to your G DATA ManagementServer will now automatically receive the second server name as a fallback.

Create a new installation package in the G DATA Administrator. (In the main menu under "Organisation" → "Managed installation packages" → "+".)

For all future installations, this will contain both your internal server name and the one you have defined publicly.

Delete all old installation packages.

Connections arriving at the public name or IP on port TCP/7161 must be routed to the G DATA ManagementServer in the next step. This can be done via port forwarding to the internal server or a second G DATA ManagementServer in your DMZ. Setting up a second server in the DMZ requires additional steps. Our support team will be happy to help you with this: G DATA Technical Support.

Computers that are already out of range will not receive the change automatically until they are back on your network or VPN. The change can also be made manually in the registry on the affected system. Execute the following command in the CMD on the affected system:

reg add "HKLM\Software\WOW6432NODE\G Data\AVKClient" /reg:32 /v SecondaryServer /t REG_SZ /d myserver.mydomain.tld /f

Deploy the clients according to the instructions G DATA SecurityClients load their signatures directly from the G DATA update servers.

G DATA SecurityClients download their signatures directly from G DATA update servers

Ihr G DATA ManagementServer ist öffentlich nicht erreichbar und soll sich dies auch in Zukunft auch nicht sein. In diesem Fall laden die Clients die aktuellen Signaturen von den G DATA Updateservern.

Make sure that the G DATA Security Clients receive signature updates every hour to be protected. The G DATA Security Clients will receive the latest signature updates even without a connection to the G DATA ManagementServer, but this will not allow them to send information about incidents or requests.

In G DATA Administrator, go to Clients → Client settings → General.

(warning) If black exclamation marks appear in circles in the settings process, there are differing settings between clients in the group you are currently trying to configure. Make sure you want to apply the setting to all clients in the group before confirming your selection. 

Click "Signature Update Settings..." on the right side of Updates.

In the Signature Update settings, select the lowest option.

With the option "Load online signature updates by itself if no connection to ManagementServer can be established (recommended for mobile workstations)", the G DATA Security Client will load signature updates by itself when it is outside the local network. However, the client communicates with the ManagementServer as soon as it is on the local network, without making any changes to the settings.

Klicken Sie auf "Einstellungen und Zeitplanung...".

Aktivieren Sie die Option "Zugangsdaten vom ManagementServer verwenden".

Oder geben Sie die Zugangsdaten ein. 

Aktivieren Sie die Versionsprüfung.
Durch die Versionsprüfung werden nur Signaturen geladen, welche sich seit dem letzten Update verändert haben. Ohne Versionsprüfung werden immer die vollständigen Virensignaturen geladen.

Click "Schedule" at the top of the window.

Select "Hourly" to get the optimal protection.

Click OK to save the signature update settings and schedule and close the window.

Click OK to save the signature update settings and close the window.

Click Apply at the bottom right to save your changes.

No publicly accessible G DATA ManagementServer is available

For computers working remotely from home but connect to your company's network on a regular basis (laptops), it is sufficient to set them up according to the instructions G DATA SecurityClients load their signatures directly from the G DATA update servers.

However, if you never come into the company network, there are various ways to protect your home workstations. Here, the decision is whether to hand over responsibility to the individual user (for example, through a G DATA Desktop solution) or whether the administrator should retain responsibility and control here as well. Many of our partners offer client management via public G DATA ManagementServers.  Our product "G DATA 365" would also be such an alternative.

We will find the right solution for you! Contact form