Advanced Configuration Wizard

The Bomgar Verify “Advanced Configuration Wizard” controls all configuration data of the Bomgar Verify Security server. To launch this tool go to: Start/Programs/Bomgar/Advanced Configuration Wizard

By default, the wizard always launches to the IIS and LDAP tab. You can step through each tab automatically after making changes to each relevant section, or go directly to the section of your choice by selecting the required tab.

LDAP tab

Enter details for the Web server (the machine that will run the Bomgar Verify admin GUI) and select the Directory server type: MS Active Directory, Novell E-dir, Sun One Directory server, LINUX OpenLdap or MS ADAM.

Select Directory Type - The first step is to select the Directory Type: MS Active Directory, Novell e-Directory, SecurEnvoy Managed Users – MS ADAM, OpenLDAP – Linux or Sun Directory server.

Primary Domain 1 - The Domain Name is the domain where the active directory resides and user information is stored and retrieved.

Directory Administrator Account Distinguished Name - Use the Tab key to step into the Search for DN section and into the field Enter UserID. Type the name of the account that will run the Bomgar Verify server. Click Get DN of UserID; this will automatically populate the DN account details, provided you are currently logged on as a domain administrator of this domain. If correct, enter the password for the User ID account.

Clicking the Example button will provide a real example of the administrator DN directly from Active Directory.

Directory Server Details - Finally, enter the names of your Directory servers. If certificates have been deployed upon your directory servers, LDAPS (port 636) can be utilised by enabling the "Use SSL" check box. Note that LDAPS generally requires the server name to be fully qualified.

Test – after completing the required details, the connection can be tested by clicking Test Server 1 or Test Server 2. If OK is returned then click Continue. If OK is not returned, errors should be rectified before proceeding.

Note: LDAPS generally requires the server name to be fully qualified. If "Use SSL" is selected, the server name MUST be the same name as set in the common name of the Directory's server certificate.
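A way to check the naming rule in the note above before clicking Test Server, as an added example (not part of the product or the original guide). The host name dc01.corp.example and the sample certificate are constructed; the check also accepts DNS subject alternative names and a left-most wildcard, which goes beyond the common-name rule the guide states.

```python
import ipaddress
import socket
import ssl

def cert_names(cert):
    """Return (common_name, [dns_sans]) from an ssl getpeercert() dict."""
    cn = next((v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"), None)
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cn, sans

def name_matches(server, pattern):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    s = server.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(s) != len(p):
        return False
    return (p[0] == "*" or p[0] == s[0]) and s[1:] == p[1:]

def check_ldaps_name(server, cert):
    """List the reasons a server name would break the "Use SSL" naming rule."""
    problems = []
    try:
        ipaddress.ip_address(server)
        problems.append("server name is an IP address, not a host name")
    except ValueError:
        if "." not in server.rstrip("."):
            problems.append("server name is not fully qualified")
    cn, sans = cert_names(cert)
    if not any(name_matches(server, n) for n in ([cn] if cn else []) + sans):
        problems.append(f"name not in certificate (CN={cn}, SAN={sans})")
    return problems

def fetch_cert(server, port=636, timeout=5):
    """Fetch the directory server's chain-validated certificate over LDAPS."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared by check_ldaps_name instead
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            return tls.getpeercert()

# Constructed sample in getpeercert() format; the host name is hypothetical.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"),),
}

if __name__ == "__main__":
    for name in ("dc01.corp.example", "dc01", "10.0.0.5"):
        print(name, "->", check_ldaps_name(name, SAMPLE_CERT) or "OK")
```

Against a live server, pass `fetch_cert(name)` as the second argument; the certificate chain must validate against the local trust store for the fetch to succeed.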

If you wish to add an additional domain, click the “Add New Domain” button and enter the LDAP Settings for each new domain. The web server is the machine that the security server software was installed upon; this does not require changing.

The domain name is the additional domain where user information will be stored and retrieved. The Net Bios Name is optional and only needs setting if UserID logons use Net Bios domain names, for example "BOMGAR\john smith".

Once the above information has been entered and a successful test established, click Continue. A warning will be displayed in the Wizard that confirms that the batch services are being installed.

Click Save and Continue.

Note: Any combination of Vendor LDAP server is supported in any order; each domain can be configured with its own Bomgar Verify administration account for read and write permissions. Each Domain MUST share the same Bomgar Verify administration account, or secondary servers in the same domain will elevate to batch master, causing the batch server to effectively run many times and result in multiple day codes being sent.

Multi Domain Configuration

Start/Programs/Bomgar/Advanced Configuration Wizard, select LDAP tab.

Additional Microsoft AD, click “Add New Domain” and then select domain type and populate with required information.

Microsoft AD - Adding additional Microsoft AD domain, click “Add New Domain”, then select domain type and populate with required information. Click Update or Continue when complete.

Novell e-Dir - Adding Novell e-Dir domain, click “Add New Domain”, then select domain type and populate with required information. Click Update or Continue when complete.

OpenLDAP - Adding OpenLDAP domain, click “Add New Domain”, then select domain type and populate with required information. Click Update or Continue when complete.

Sun Directory - Adding Sun Directory server domain, click “Add New Domain”, then select domain type and populate with required information. Click Update or Continue when complete.

Adding Microsoft ADAM / AD/LDS

Selecting “SecurEnvoy Managed Users” allows the creation of a user database when no corporate directory server exists or can be used. This utilizes Microsoft ADAM (Windows Server 2003) / AD/LDS (Windows Server 2008), and allows user creation and management to be completed via the SecurEnvoy Admin GUI.

To create a Microsoft ADAM / AD/LDS instance, select “SecurEnvoy Managed Users”, then select whether this is the first or subsequent replica ADAM instance (for redundancy) and populate the domain name required for these users e.g. “Sales”.

The “passcode only” checkbox controls whether Bomgar Verify will authenticate both the PIN and passcode of the authentication request or just the passcode.

Follow steps 1-4, which will install Microsoft ADAM / AD/LDS, configure the instance and test that it is operational.

 

Adding Microsoft ADAM Replica (SecurEnvoy Managed Users)

To install an ADAM replica, run the Bomgar Verify “Advanced Config Wizard”, select:

Note: To facilitate ADAM replicas, the machine that is to have ADAM replica installed, must be a member of the same domain as the ADAM master. Also you must be logged in with “Domain Admin” rights for the ADAM replica install to succeed.

LDAP tab, select SecurEnvoy Managed Users (Microsoft ADAM) and select Create New Replication on the Microsoft ADAM Setup window. Enter details for the port in TCP Port, then enter details for “Server To Replicate From”. This must be in a FQDN format.

Note: The port number should be the same for each Microsoft ADAM Master and Replica instance.

Note: The Server To Replicate From must be in a FQDN format. IP addresses are not supported.

Note: The ADAM domain name can only support characters 0-9 and A-Z

Enter the domain name information for the ADAM instance.

Enter the password details for the Bomgar Verify admin Password. These should be the same as the ADAM master.

Then follow steps 2-4 to complete the install.

When complete click “Update or Continue.”

Points to note regarding ADAM or AD LDS replication

  1. Windows Firewall seems to block update notifications to replicas, so you need to create a custom rule on both servers to trust all inbound communications from the other server's IP address.

  2. If these servers are not in the same domain, change the Windows service SecurEnvoyADAM*** to run under a user account that is a member of the administrators group (not the default system account).

  3. On the second server, create the replica via Bomgar Verify Advanced Config and change the Windows service SecurEnvoyADAM*** to run under a user account that is a member of the administrators group (not the default system account).

Note: The ADAM replica instance will take up to 10 minutes before it is fully replicated and published.

Adding and Editing SecurEnvoy Managed Users (Microsoft ADAM / AD/LDS)

Example

Within the Bomgar Verify Admin GUI, select the ADAM domain created “Demo”.

To add a new user:

Create User

Populate Naming information and then select the “Create User” button

Note: An additional button is created within the Bomgar Verify admin GUI; this allows user creation. User information is typed into the “Search Directory” window.

Manage User

The user screen for the created user will now be displayed. Additional information regarding the account can now be populated.

Note: Bomgar Verify recommends that if a PIN is required, it is managed by Bomgar Verify as it is stored encrypted (Default action for all Bomgar Verify data). “ADAM passwords are not supported as they are not as secure as Bomgar Verify PINs”

eMail Gateway Configuration

Start/Programs/Bomgar/Advanced Configuration Wizard, select eMail Gateway tab.

The eMail gateway settings are displayed below:

For the eMail Gateway configuration, enter details of the SMTP server that should be used for the sending of emails and the associated email account you wish to use.

There are two further options. For SMTP servers that require authentication, enable the checkbox and enter account details.

To support an SMTP server that utilises TLS, enable the checkbox.

Once set up, a test email can be sent to a recipient to test if the configuration is correct.

Note: Please ensure that your SMTP server has been setup to allow relaying from the Bomgar Verify server.

Note: The Bomgar Verify Advanced Configuration Wizard can be exited at any time after configurations have been made.

IIS URL Configuration

Start/Programs/Bomgar/Advanced Configuration Wizard, IIS URLs tab.

The URL configuration can be viewed and maintained from this tab. If the server supports HTTPS, then this can be selected. This setting will be inherited in the URL values that are displayed when selecting Manage My URLs. These URL values are included in system generated Emails sent to users, for example the user enrolment Email.

Click Save and Continue.

Note: The Bomgar Verify Advanced Configuration Wizard can be exited at any time after configurations have been made.

 

SMS Voice Gateway Configuration

Start/Programs/Bomgar/Advanced Configuration Wizard, select SMS / Voice Gateway tab.

Multiple gateways can now be setup and maintained via this Tab. It is possible to setup as many gateways as required to meet the operational requirements of the organisation. Bomgar Verify can support various gateway types from Web SMS, SMPP, Voice through to Serial or TCP/IP Modems.

The gateways can also be set up in priority order and can be disabled as required very easily from within this wizard. The priority ordering of the gateways is controlled using the “Up” and “Down” buttons.

The gateways can be restricted per country and per LDAP domain, to allow the administrator more control as to which service is used in certain countries. This is used to overcome difficulties sending SMS into countries that might not support advanced SMS features such as flash message and SMS overwrite.

Once complete, priority can then be assigned for multiple gateways that will support the same countries/domains.

For Web SMS gateway option a suitable provider account MUST already be setup and account details MUST be entered.

Restrict to Country / Domain allows the administrator to define what SMS gateways are used; this can be assigned per domain or by country code. Enter dialling codes for countries or the domain that should be served by this SMS gateway; this can be selected from the radio button drop down menu. When dealing with country codes, multiple country codes can be assigned to a particular SMS gateway by separating them with commas.

Finally, a test connection button allows the SMS gateway to be tested to confirm that it is operational and that any user account information is correct.

Web SMS Gateway Proxy Settings

If a proxy server is being utilised upon the network, then proxy information can be entered.

Click Update if any changes have been made or Continue when complete, this will then save all SMS Gateway information.

Bomgar Verify can connect to many Web based SMS providers. A new template may be required; see the Security Server Administration Guide for more details.

 

GSM Modem

To "Add" a GSM Modem, select Add then check the Modem radio button.

Then select the connection type, either Serial/USB or TCP/IP.

If USB/Serial, enter Comm port and baud rate settings for the connected GSM modem.

If TCP/IP, select the IP address and port number.

The above two options allow a corporation to use its own SIM chip from their Telco and take advantage of any free or group SMS call rates.

 

Add GSM Modem

The following are configurable options:

Send Simple text

When enabled, allows an SMS to be sent in simple mode. Use this if the Telco operator does not support message overwrite (PDU mode).

Enter dialling codes for countries or the domain that should be served by this SMS gateway; this can be selected from the radio button drop down menu. When dealing with country codes, multiple country codes can be assigned to a particular SMS gateway by separating them with commas.

When complete click the OK button to test. The test will carry out an ATI and signal strength test. Version information will be shown as well as signal strength information. Signal strength is measured from 0-31. An acceptable figure is 16 or above.

Click Update if any changes have been made or Continue when complete, this will then save all Gateway information.

To "Add" a Voice Gateway, select Add then check the Voice radio button.

Add Voice Gateway

Select the appropriate voice provider from the drop down menu list.

For Voice gateway option a suitable provider account MUST already be setup and account details MUST be entered.

Restrict to Country / Domain allows the administrator to define what SMS gateways are used; this can be assigned per domain or by country code.

Enter dialling codes for countries or the domain that should be served by this Voice gateway; this can be selected from the radio button drop down menu. When dealing with country codes, multiple country codes can be assigned to a particular SMS gateway by separating them with commas.

Click Update if any changes have been made or Continue when complete, this will then save all SMS Gateway information.

To "Add" a Mail SMS Gateway, select Add then check the Mail SMS radio button.

This approach provides a facility to send an SMS via an SMTP server; a gateway can be set up and included in the prioritised list of gateways.

Add Mail SMS Gateway

The Address format should be #MOBILENUMBER#@atyourprovider.com

If the Telco provider allows user modifications to Subject and Body formats, please set these.

Enter dialling codes for countries or the domain that should be served by this Voice gateway; this can be selected from the radio button drop down menu. When dealing with country codes, multiple country codes can be assigned to a particular SMS gateway by separating them with commas.

Click Update if any changes have been made or Continue when complete, this will then save all SMS Gateway information.

 

Test Push Gateways

To test and diagnose a Push Gateway, select the Push tab in SMS/Voice Gateways.

 

The connections to the three push notification gateway services below can be tested from the “Push” tab by selecting “Test Connection”:

  • ApplePushService
  • GoogleCloudMessaging
  • MicrosoftPushService

The test connection will return a status and a Trace can be displayed if required.

 

Proxy for Web Services

If the organisation requires the use of a Proxy Server, this must be setup using the Proxies button:

 

Proxy Settings

Once the properties for the proxy server have been saved, the user can select to use the Proxy when setting up the individual gateways for web services such as Web SMS or Voice.

 

Test Priorities

Priorities can be tested to check that the correct priority has been applied for each gateway method.

Select "Test Priorities" button.

Select "Request type", options are SMS, VOICE

Select the Domain and finally select the country code.

Once "Test" is invoked, an output will show the priority order for the selected gateway method.

Click close when complete.

Note: Bomgar Verify supports proxy servers - enable the checkbox and populate proxy settings

Note: The Bomgar Verify Advanced Configuration Wizard can be exited at any time after configurations have been made.

RADIUS Server Configuration

Start/Programs/Bomgar/Advanced Configuration Wizard, select Radius tab.

 

Radius server (if the check box is enabled) will install the Radius component to allow integration with any network access devices that can utilise the Radius protocol i.e. SSL appliance, Firewall or VPN.

To setup the Radius Service, enter port information to reflect the network environment the Bomgar Verify Security server is to operate within.

Click Save and Finish.

Note: If the Bomgar Verify Security server has multiple IP Addresses and/or Network Interface Cards, a RADIUS listener will be started on each individual IP address.