Application Setup in GateKeeper Hub Manager
For on-premise GateKeeper Hub only. The Application Setup page allows for
- SQL Server connection
- Active Directory access
- management of Windows computers through the Windows Management service
- ability to broadcast the Hub IP and port number
- connecting the Hub to a Syslog server for logging
- setting up restrictions on IP addresses that can connect to the Hub
SQL Server Connection
The first task is to connect the GateKeeper Hub server application to an SQL Server to create and manage a database to be used by the Hub. GateKeeper Hub requires an SQL database to store data regarding users, computers, logs, etc. This database is part of an SQL Server instance that is running on your network. The SQL Server can be running locally on this computer, or any other computer on your network. All the data is stored on your network and not shared with anyone else.
Click Settings () to bring up three options:
Create a new database for Hub (create new SQL database)
Edit existing connection (edit SQL connection)
Update connected database (synchronize existing SQL database)
Create New SQL Database
Clicking on the button to create a new database will bring up a sidebar with options to log in to an SQL Server and create a new user and database for the Hub to utilize. A new database must be created the first time the Hub is installed. You will need the instance name of the SQL Server and administrative rights to create databases in the SQL Server instance. While creating the new database, a new GateKeeper Hub user is also added to the SQL Server with ownership rights to the newly created database.
(local)\INSTANCENAME |
Enter the location of the SQL Server. If the SQL Server is on the same machine as the Hub, then the SQL Server address will be of the form:
Typical instance names for SQL Servers are SQLEXPRESS or MSSQLSERVER.
IPADDRESS,PORT\INSTANCENAME |
If the SQL Server is on a different computer on the network, then the SQL Server address will be of the form:
192.168.1.44,1433\SQLEXPRESS |
The SQL Server will have to be configured to communicate over Internet Protocol (IP). Typical port number for the SQL Server is 1433, and the instance name is whatever the SQL instance you want to connect to. For example, the SQL address can be written as:
Next, you will select the authentication mode to log on to the SQL Server. This login account must have privileges to create new users and databases in the SQL Server instance.
Select Windows Authentication, from the Authentication Type drop down menu, if your credentials have access to create a database on the SQL Server. If not, select SQL Server Authentication to sign in with credentials that have access to create a database and enter a login username and password.
The next step is to create the GateKeeper Hub database. Default values for the database name, database user, and database password are auto filled. These can be changed as required. Once the values are filled in, click on Create Database to create the new user and database.
Once the database has been successfully created, a notification will confirm it and the sidebar will show the database and user created for use with GateKeeper Hub.
Edit Existing SQL Server Connection
A SQL Server database connected to the GateKeeper Hub database can be changed at any time. You can edit the SQL connection information using the Edit existing connection (edit SQL Server) option. This is useful if there are multiple GateKeeper Hub databases on the network, and you want to switch the Hub server from one to another. This is also useful if the SQL Server user assigned to GateKeeper Hub has to be changed. This may occur if the database administrator has changed the password for the GateKeeper database user. If the GateKeeper database user has changed, then the Hub will no longer be able to communicate with the SQL Server and must be updated by editing the SQL Server connection.
The currently connected SQL Server and database will be displayed when the side panel is first opened. Click Edit to make changes to the SQL connection.
Once you have updated the various fields, click Save Changes to save your edits. This will then verify all changes including the connection to the SQL Server, validity of the database, accessibility by the user, and the tables inside the database. If everything is verified, then the new settings will be saved, and the GateKeeper Hub website will be restarted.
Additionally, there’s a button to ensure that the SQL Server has mixed mode authentication enabled. Clicking on the Enable Mixed Mode Authentication button will enable SQL authentication on the SQL Server if it was not already enabled. This is important because the GateKeeper Hub server can only use SQL Authentication to access the SQL Server.
Synchronize GateKeeper Database
Whenever a new instance of the GateKeeper Hub is installed, it modifies the tables in the GateKeeper database associated with the Hub to ensure that all database changes are incorporated properly. In order to make sure that the database has been successfully updated, a backup button to synchronize all tables in the GateKeeper database is provided. Click this button to run an SQL script to update the tables in the GateKeeper database as needed.
Active Directory Access
GateKeeper Hub can manage your Active Directory users. You can change Active Directory passwords, deactivate accounts, and much more directly from the GateKeeper Hub web interface. In order to do this, the Hub requires WRITE ACCESS to Active Directory. The Hub Manager can be used to add a new account in Active Directory for GateKeeper Hub to use, or you can assign an existing account to GateKeeper Hub as well. Make sure that this account has permissions to WRITE to Active Directory.
Clicking Settings () will expand two more buttons:
Create new AD Account
Edit AD Account
Create an Active Directory Account
The Hub Manager can create a new user account in your Active Directory with the appropriate permissions to make changes to user accounts in AD. You can either create a new account yourself or let the Hub Manager automatically create one for you.
It is important that the account that is created have WRITE access to Active Directory. This will allow the GateKeeper Hub website to be used for managing passwords and other aspects of AD accounts.
Enter the domain, username, and password in the appropriate text boxes. In the Select Active Directory Group dropdown menu, please select a group that has WRITE access to Active Directory. Typically this group will be the Domain Admins group.
Click Save Changes to finish setting up the AD account for GateKeeper Hub to use.
Assign an Existing Active Directory Account
You can also select an existing user account from your Active Directory. Make sure the selected account has the correct permissions to make changes to the Active Directory.
Click Select to show the Windows Select User or Group screen. Search for AD accounts and then type in the password for the chosen account.
Make sure to pick an account that has WRITE access to Active Directory.
Click Save Changes to finish setting up the AD account for GateKeeper Hub to use.
Windows Management Service
GateKeeper Hub provides admins access to many properties of all GateKeeper-enabled computers on your network including CPU usage, memory, disk space, network adapters, processes, services, and others. In order to access these properties, the Hub server needs to install and run the GateKeeperHub.WindowsManagement service. This service must run under an Active Directory account which has the capability to access processes on all computers on your network.
Click Settings () to expand two options for setting up GateKeeper Windows Management service.
Select AD Account for WMI Service
Start or Stop the GateKeeper Windows Management Service
Select Active Directory Account to Run the Windows Management Service
Please select an Active Directory account and assign it to the GateKeeper Hub's Windows Management service to run using that account. Please make sure to select an Active Directory account that has permissions to access processes on all computers of your network. We recommend choosing a Domain Admin account for this purpose.
Click Select to show the Windows user picker tool. You can search for AD accounts there and then type in the password for the chosen account. The account must have the following form:
username@domain |
Make sure to pick an account that has rights to access processes on all computers on your network.
Click Change Account to finish setting up the AD account for GateKeeper Hub to use.
Start or Stop the GateKeeper Windows Management Service
The other option in the GateKeeper Windows Management Service menu is to start or stop the service. Clicking on that button will bring up a sidebar that shows the current status of the service and buttons to either Start or Stop it.
Broadcast GateKeeper Hub Server Address
The GateKeeper Hub Broadcaster service broadcasts the IP address and port number of the Hub website using UDP transport on the local network. This allows the GateKeeper Client applications on the computers in the network to automatically detect the Hub and connect to it in order to sync information. While this service is not necessary for client-server communication, you can use it to make sure that Client applications are always connected to the correct Hub IP address. Click Settings (Gear) to open a sidebar menu where you can enable Hub Broadcasting.
The broadcaster service sends out the IP address and port number on specific UDP ports which should be opened in the firewalls of the GateKeeper-enabled computers on the network.
Syslog Server Connection
Logs from the GateKeeper Client applications sent to the Hub are uploaded to your Syslog server. Add the address and port number of the Syslog server to the Hub application settings to enable this feature.
Click Settings () to bring up a sidebar where you can put in the address and port number of your SysLog server. Then, click the switch to enable “Logging ON” and click Save Changes to save the SysLog server information for the GateKeeper Hub to use.
IP Restrictions
The GateKeeper Hub website is accessible from all computers on the local network. If the local network is set up using non-traditional network addresses and subnet configurations, you can restrict access to the Hub from specific IP addresses if you so desire. This setting allows network administrators to control access to the GateKeeper Hub website from certain IP addresses.
Allowed IP Addresses
If no IP addresses are chosen, then all possible IP addresses on the local network will have access to the Hub website. Click Settings to expand the sidebar where you can set ranges of IP addresses from which the Hub website can be accessed. For example, a typical IP address range for a local network is 192.168.1.1-192.168.255.255.
For any additional questions or concerns regarding proximity login, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
GK application setup; gk application set up; hub manager applications;
Comments
0 comments
Please sign in to leave a comment.