Network Considerations During Appliance Install
The following questions should be considered when implementing your Bomgar Appliance in the network.
- Is the LDAP Server on the same LAN as your Bomgar Appliance? If not, you must install a Bomgar Connection Agent on the LDAP server to support communications between the Bomgar Appliance and the LDAP Server.
- Will there be two appliances configured, one as a backup appliance to support automatic failover? If so, the appliances need to be on the same subnet, and they each need a DNS A Record for their individual IP Addresses.
- Will you be utilizing a RADIUS Server with Bomgar? If so, the RADIUS Server is typically reached on port 1812.
- Will you be utilizing a Kerberos Key Distribution Center (KDC) with Bomgar? If so, the representatives typically communicate with their KDC over port 88 UDP.
- Is your support base completely internal or accessible through a VPN? If so, deploying the Bomgar Appliance on an internal network segment is ideal, and no firewall changes are required because both the appliance and all of the supported clients are internal to the firewall.
- Are you supporting customers outside of your company's internal network? If so, best practices in network design discourage opening external access directly to your internal network. If you are providing external support via Bomgar, it is highly recommended that the appliance reside in a DMZ that segments the internal network from the internet. These additional items also need to be considered:
  - Network Address Translation (NAT). If you use RFC1918 private IP addresses, such as 10.0.0.0, 192.168.0.0, or 172.16.0.0 networks, you will have to perform NAT on your firewall.
  - DNS. In NAT environments, you should utilize split-DNS. The external name server must resolve the appliance's hostname to the external IP address of the Bomgar Appliance. The internal name server must resolve it to the internal IP address.
  - Firewall rules. Ensure that port 443 is open to the external IP address of your Bomgar Appliance.
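
The failover, NAT, split-DNS, and firewall questions above can be checked against a written deployment plan before install. The following is an added example, not Bomgar code: the plan dictionary format, its key names, and the sample hostnames and addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges (the networks named above, with their full prefixes)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def check_plan(plan):
    """Return findings for a deployment-plan dict (hypothetical format, assumed here)."""
    findings = []
    ifaces = {h: ipaddress.ip_interface(c) for h, c in plan["appliances"].items()}
    # Failover pair: same subnet, and a DNS A record for each appliance IP.
    if len({i.network for i in ifaces.values()}) > 1:
        findings.append("failover: appliances are not on the same subnet")
    for host, iface in ifaces.items():
        if plan["internal_dns"].get(host) != str(iface.ip):
            findings.append(f"failover: no matching A record for {host}")
    if not plan["external_support"]:
        return findings  # internal or VPN-only support: no NAT, split-DNS or firewall change
    name, ext_ip = plan["public_name"], plan["external_ip"]
    int_ips = {str(i.ip) for i in ifaces.values()}
    if any(is_rfc1918(ip) for ip in int_ips):
        if is_rfc1918(ext_ip):
            findings.append("nat: external IP is itself an RFC 1918 address")
        # Split-DNS: each view must answer with the address reachable from that side.
        if plan["external_dns"].get(name) != ext_ip:
            findings.append("dns: external view does not resolve to the external IP")
        if plan["internal_dns"].get(name) not in int_ips:
            findings.append("dns: internal view does not resolve to an internal IP")
    if 443 not in plan["firewall_inbound"].get(ext_ip, []):
        findings.append("firewall: port 443 is not open to the external IP")
    return findings

# Constructed sample plan; names and addresses are documentation placeholders.
SAMPLE = {
    "appliances": {"b1.example.com": "10.20.30.10/24", "b2.example.com": "10.20.31.11/24"},
    "external_support": True,
    "public_name": "support.example.com",
    "external_ip": "203.0.113.10",
    "internal_dns": {"b1.example.com": "10.20.30.10", "b2.example.com": "10.20.31.11",
                     "support.example.com": "203.0.113.10"},
    "external_dns": {"support.example.com": "203.0.113.10"},
    "firewall_inbound": {"203.0.113.10": [80]},
}

if __name__ == "__main__":
    print("\n".join(check_plan(SAMPLE)))
```

The sample plan is deliberately misconfigured in three places (failover subnet, internal DNS view, firewall rule), so each check reports a finding.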