2.11.1 Building an Internet gateway
To build an Internet gateway, first build a management server. Then install Microsoft Internet Information Services and an Internet gateway. You can build an Internet gateway as follows.
- Important
-
The Internet gateway does not support a cluster system.
How to build an Internet gateway
You can build an Internet gateway by following the steps described below. Perform steps 1 to 5 on the Internet gateway server, step 6 on the firewall at the boundaries between the Internet and the DMZ and between the DMZ and the internal network, and steps 7 and 8 on managed computers.
-
Install an agent or a relay system. If you want to use distribution by using Remote Installation Manager, install a relay system.
In that case, change the number of concurrent connections to the relay system from 50 to 100. Change the setting value of Relay System Settings - Processing Settings for the Relay System - Number of JP1/IT Desktop Management 2 - Agents that can Be Connected to the Relay System Concurrently in the Agent Configuration.
-
Install Microsoft Internet Information Services.
-
Install an Internet gateway.
-
Set up the installed Internet gateway.
-
Specify the Microsoft Internet Information Services settings.
-
Specify the firewall setting.
-
Install an agent for Internet connection on the computers to be managed by JP1/IT Desktop Management 2.
-
Confirm that managed computers have successfully established a communication with the Internet gateway.
Related Topics:
- Organization of this subsection
(1) Installing Microsoft Internet Information Services
Install Microsoft Internet Information Services on the Internet gateway server. Add information regarding the roles of Web Server (IIS) described in the following table:
Item |
Role service |
|
---|---|---|
Web Server |
Common HTTP Features |
HTTP Errors |
Directory Browse |
||
Default Document |
||
Static Content |
||
Security |
Basic Authentication |
|
Application Development |
ISAPI Extensions |
|
Management Tools |
IIS Management Console |
(2) Installing an Internet gateway
To install an Internet gateway, you have to log on to the OS as a user having administrator permissions.
- Important
-
If you install an Internet gateway on a Windows computer that supports User Account Control (UAC), a dialog box requesting elevation of the user permission level might appear. If this dialog box appears, agree to the request.
- Important
-
Do not shut down the OS during installation. If you do so, the program might not operate correctly even if you install it again later.
- Important
-
Before installing an Internet gateway, shut down all Windows applications.
- Important
-
Do not specify a folder in which other products (including JP1/IT Desktop Management 2) are installed as the folder in which to install the Internet gateway.
To install an Internet gateway:
-
Insert the media supplied with the product in the CD/DVD drive.
-
In the Hitachi Integrated Installer dialog box that opens, select JP1/IT Desktop Management 2 - Internet Gateway, and then click the Install button.
-
In the dialog box indicating the start of installation, click the Next button.
-
In the Installation folder dialog box, specify the installation folder, and then click the Next button.
-
In the confirmation dialog box for the installation, click the Install button.
Installation starts.
-
When the installation finishes, click the Completed button.
Installation of an Internet gateway is complete. If a message asking you to restart the computer appears, restart it.
(3) Setting up the Internet gateway
If you install JP1/IT Desktop Management 2 - Internet Gateway, you must perform setup as soon as installation is complete.
To set up the Internet gateway:
-
If the World Wide Web Publishing Service is up and running, stop it.
-
From the Windows Start menu, select All Programs, JP1_IT Desktop Management 2 - Internet Gateway, and then Internet Gateway Setup.
-
In the IT Desktop Management 2 - Internet Gateway Setup dialog box, set a higher system for the Internet gateway#.
-
Click the OK button.
#:
- Using Remote Install Manager for distribution
-
Install a relay system to the Internet gateway server, and specify Relay system to Higher system for distribution that uses Remote Install Manager and localhost to Host name or IP address.
- Not using Remote Install Manager for distribution
-
Specify Management server to Higher system for distribution that uses Remote Install Manager and the host name or the IP address of the management server to Host name or IP address.
(4) Setting up Microsoft Internet Information Services
You have to first set up the Internet gateway before you can set up Microsoft Internet Information Services. For details about how to set up Microsoft Internet Information Services, see the Microsoft Internet Information Services manual.
To set up Microsoft Internet Information Services:
-
Set ISAPI restrictions.
-
Set a server certificate.
-
Add and set an application.
-
Set permissions for folders.
-
Start the World Wide Web Publishing Service.
To set ISAPI restrictions:
Under ISAPI and CGI Restrictions on the Internet gateway server, add the following settings:
ISAPI or CGI path |
Allow extension path to execute |
---|---|
Internet-gateway-installation-folder\igw\web\itdm\jdngwsvr.dll |
Select the check box. |
Internet-gateway-installation-folder\igw\web\dm\jdngwsvr_dm.dll |
Select the check box. |
To set a server certificate:
By using Server Certificate of the Internet gateway server, complete server certificate request.
- Server certificate certified by a certification authority that can complete server certificate request
-
Path to the file containing the server certificate certified by the certification authority#
#: Do not store the server certificate file in the folder in which the Internet gateway has been installed.
- Friendly name
-
Any
To add and set an application:
Add the following configuration in Microsoft Internet Information Services:
Item in Microsoft Internet Information Services |
Setting |
Description |
|
---|---|---|---|
Sites |
Name |
Default Web Site |
|
Site Bindings#1 |
|
||
Enabled Protocols |
https |
||
Authentication |
|
||
Applications |
Alias |
jp1itdmigw1 |
jp1itdmigw2 |
Application Pools |
AppPooljp1itdmigw1 |
AppPooljp1itdmigw2 |
|
Physical path |
Internet-gateway-installation-folder\igw\web\itdm |
Internet-gateway-installation-folder\igw\web\dm |
|
Enabled Protocols |
https |
||
Edit Feature Permissions under Handler Mappings |
Execute: Selected |
||
HTTP Response Header |
|
||
Application Pools |
Name under General |
AppPooljp1itdmigw1 |
AppPooljp1itdmigw2 |
Enable 32-Bit Applications under General |
True |
||
Idle Time-out Action under Process Model |
|
||
Regular Time Interval (minutes) under Recycling |
0 |
#1: Delete the line showing the default settings (Type: http, Port: 80).
#2: Specify this setting for the following in Internet Connection Settings - Internet Gateway - Port Number in the Agent Configurations view.
#3: Enable or disable this option as necessary. Furthermore, specify this setting for the following in the Agent Configurations view: Internet Gateway Communication Settings.
To set permissions for folders:
For the following folders, grant the Modify permissions to the authentication user#:
-
Internet-gateway-installation-folder\log
-
Internet-gateway-installation-folder\igw\Web\work
This refers to the user specified by User ID of Internet Gateway Communication Settings in the Agent Configurations view. If no user ID is specified (if Anonymous Authentication is to be used to authenticate the site), IUSR is the authentication user.