In this section:
- The appliance in an enterprise network
- Additional ports
- Supported operating systems and technologies
- LDAP Directory Service
- DNS settings
- Checklist of required information
We recommend that you install the File Director appliance on a hypervisor or virtual machine server in the enterprise demilitarized zone (DMZ). From there the appliance does the following:
- Provides secure communications using Secure Socket Layer (SSL) encryption.
- Uses your existing Lightweight Directory Access Protocol (LDAP) to communicate with the Active Directory and configure users, groups, and home folders.
- Looks up the location of the file servers using a Domain Name System (DNS) server.
- Connects to existing file storage using Server Message Block (SMB) protocol (also known as Common Internet File System, CIFS).
External firewall requirements
For the external firewall, configure the following IP ports:
- TCP 443 - Clients connect to the File Director appliance over SSL on port 443 to synchronize files. It is recommended that you make this the only external port mapped to the appliance.
Internal firewall requirements
For the internal firewall, configure the following IP ports:
- TCP 25 - For SMTP to the internal email system
- TCP 389 - Active Directory service LDAP on TCP 389
- TCP 445 - File store SMB/CIFS on TCP 445
- TCP 443 - For internal client connections
- TCP 8443 - The web administration interface is available over SSL (HTTPS) on port 8443
- TCP 80 - May be required if connecting to internal non-SSL WebDAV resources
- UDP 53 - Domain Name System (DNS) on UDP 53
The following ports can be enabled if required:
- TCP 8000 - Open this port if you require the Ivanti Support service.
- TCP 8001 - Open this port if you require the Network Load Balancing health check.
- TCP/UDP 88 - If the File Director server is secured in a DMZ, you must open port 88 on the firewall for Kerberos Authentication to work.
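A reachability check for the internal-firewall rules listed above, added here as an example; it is not part of the original page or of the File Director product. Run it from the appliance's network segment (or on the appliance itself) so that the result reflects the firewall between the DMZ and the internal network. The host names, the DNS server address and the search-domain name are placeholders to replace with your own. The UDP 53 check sends a minimal DNS query instead of a bare packet, because an open UDP port can only be proven by a reply.

```python
import random
import socket
import struct

# Internal hosts the appliance must reach. Host names and addresses are
# placeholders (assumed for this example, not values from the page); the
# port/purpose pairs follow the internal firewall list above.
INTERNAL_TCP = [
    ("smtp.corp.example", 25, "SMTP to internal email system"),
    ("dc01.corp.example", 389, "Active Directory LDAP"),
    ("fs01.corp.example", 445, "File store SMB/CIFS"),
    ("dc01.corp.example", 88, "Kerberos (required when the appliance sits in a DMZ)"),
]
INTERNAL_DNS = ["10.0.0.10"]  # AD DNS server reached on UDP 53 (placeholder)


def check_tcp(host, port, timeout=3.0):
    """True if a full TCP handshake to host:port completes, i.e. the port is open through the firewall."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_dns_query(name, qid=None):
    """Minimal RFC 1035 query for the A record of `name` (recursion desired, one question)."""
    if qid is None:
        qid = random.randrange(0, 1 << 16)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def dns_reply_matches(query, reply):
    """True if `reply` answers `query`: same transaction ID, QR bit set, RCODE 0 (NOERROR)."""
    if len(reply) < 12 or reply[:2] != query[:2]:
        return False
    flags = struct.unpack("!H", reply[2:4])[0]
    return bool(flags & 0x8000) and (flags & 0x000F) == 0


def check_dns_udp(server, name, timeout=3.0):
    """True if `server` answers a UDP/53 query for `name`: proves both the firewall rule and resolution."""
    query = build_dns_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:
            return False
    return dns_reply_matches(query, reply)


def run_checks(tcp_targets=INTERNAL_TCP, dns_servers=INTERNAL_DNS, search_domain="corp.example"):
    """Run every check and return a list of (description, passed) tuples."""
    results = []
    for host, port, purpose in tcp_targets:
        results.append((f"TCP {port} {host} ({purpose})", check_tcp(host, port)))
    for server in dns_servers:
        results.append((f"UDP 53 {server} (DNS for {search_domain})", check_dns_udp(server, search_domain)))
    return results


if __name__ == "__main__":
    for description, passed in run_checks():
        print(("OK   " if passed else "FAIL ") + description)
```

A completed handshake only shows that the port is open; it does not show that the service behind it accepts the appliance (an LDAP bind or SMB negotiate is a separate check). Remove the Kerberos entry if the appliance is not placed in a DMZ, and add TCP 80 only if non-SSL WebDAV resources are in use.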
For details of supported operating systems see the Maintained Platforms Matrix on ivanti.com.
The appliance needs read-only access to a Microsoft Active Directory (AD) service through a read-only user account.
You can change the home folder field that the appliance uses in the AD records. By default, it uses homeDirectory. If you want to use the RDP or Terminal Services home folder, you can specify CtxWfHomeDir instead. The home folder feature can be disabled if required.
File Director requires internal DNS settings and a public DNS record.
To synchronize user home folders, the appliance needs to correctly resolve the address of the file servers where the folders are stored. The appliance uses DNS resolution to locate the correct file server. The appliance DNS settings must specify the DNS servers within the Active Directory and, in order to resolve the short-form file-server addresses used in user AD records, the domain names it should search.
To access the File Director service on the Internet, you must set up a public DNS record using the File Director server name. You can then use this public DNS name to generate the Certificate Signing Request (CSR) and apply for a publicly trusted SSL certificate.
A Reverse DNS (PTR) record is required in DNS for each file server that will be accessed by File Director. This can be validated from a Windows endpoint by typing ping -a 10.0.0.1 (where 10.0.0.1 is the file server IPv4 address). If reverse DNS is properly configured, it returns the FQDN, for example server.mycompany.com. If it returns just the IP address, or the single-label host name, for example server, then it is likely that reverse DNS is not configured correctly.
Any changes to DNS configuration may require a reboot of the File Director appliance to expedite the changes to its DNS cache.
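The home-folder lookup described under LDAP Directory Service and the DNS checks above (forward resolution of short-form server names through the search list, then the PTR check that ping -a performs) combined into one script, added here as an example that is not part of the original page or product. The AD homeDirectory values, the search domains and the DNS fixture are constructed placeholders so the script can be dry-run offline; call it without the fixture arguments to query your real DNS through socket.gethostbyname and socket.gethostbyaddr.

```python
import ipaddress
import re
import socket

# Constructed sample of AD homeDirectory values and an assumed appliance DNS
# search list. Placeholders for illustration, not values from the page.
SAMPLE_AD_RECORDS = {
    "alice": r"\\fs01\home$\alice",            # short-form server name: needs the search list
    "bob":   r"\\fs02.corp.example\users\bob",  # already fully qualified
    "carol": r"\\10.0.0.22\home\carol",         # IP in the record: only the PTR check applies
}
SEARCH_DOMAINS = ["corp.example", "example.net"]

# Constructed DNS fixture for an offline dry run. fs02 deliberately has a
# single-label PTR and 10.0.0.22 has none, to show both failure modes.
FIXTURE_A = {"fs01.corp.example": "10.0.0.20", "fs02.corp.example": "10.0.0.21"}
FIXTURE_PTR = {"10.0.0.20": "fs01.corp.example", "10.0.0.21": "fs02"}


def fixture_forward(name):
    """Stand-in for socket.gethostbyname backed by FIXTURE_A."""
    try:
        return FIXTURE_A[name]
    except KeyError:
        raise socket.gaierror(f"no A record for {name}")


def fixture_reverse(ip):
    """Stand-in for socket.gethostbyaddr backed by FIXTURE_PTR (same return shape)."""
    try:
        return (FIXTURE_PTR[ip], [], [ip])
    except KeyError:
        raise socket.herror(f"no PTR for {ip}")


UNC_RE = re.compile(r"^\\\\([^\\]+)\\")


def file_server_from_unc(path):
    """Return the server component of a UNC path such as \\\\fs01\\home$\\alice."""
    match = UNC_RE.match(path)
    if not match:
        raise ValueError(f"not a UNC path: {path!r}")
    return match.group(1)


def resolve_forward(host, search_domains, lookup=socket.gethostbyname):
    """Resolve `host` to an IPv4 address. A single-label name is tried against each
    search domain in order, which is what the appliance's DNS settings must allow."""
    candidates = [host] if "." in host else [f"{host}.{domain}" for domain in search_domains]
    for name in candidates:
        try:
            return name, lookup(name)
        except OSError:
            continue
    return None, None


def classify_ptr(ip, lookup=socket.gethostbyaddr):
    """The ping -a check: returns ('fqdn' | 'single-label' | 'none', name_or_None)."""
    try:
        name = lookup(ip)[0]
    except OSError:
        return "none", None
    return ("fqdn" if "." in name else "single-label"), name


def validate_record(user, home_directory, search_domains=SEARCH_DOMAINS,
                    forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Check one user's homeDirectory: parse the UNC, forward-resolve the server,
    then require a PTR record that yields an FQDN. Returns a result dict."""
    server = file_server_from_unc(home_directory)
    try:
        ipaddress.ip_address(server)
        ip = server
    except ValueError:
        _, ip = resolve_forward(server, search_domains, forward)
        if ip is None:
            return {"user": user, "server": server, "ip": None, "ptr": None,
                    "ok": False, "reason": "forward lookup failed (check DNS search domains)"}
    kind, ptr = classify_ptr(ip, reverse)
    reasons = {"fqdn": "ok", "single-label": "PTR returns single-label name", "none": "no PTR record"}
    return {"user": user, "server": server, "ip": ip, "ptr": ptr,
            "ok": kind == "fqdn", "reason": reasons[kind]}


def validate_all(records, search_domains=SEARCH_DOMAINS,
                 forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Validate every record; returns one result dict per user in input order."""
    return [validate_record(u, p, search_domains, forward, reverse) for u, p in records.items()]


if __name__ == "__main__":
    # Dry run against the fixture; omit the last two arguments to query real DNS.
    for r in validate_all(SAMPLE_AD_RECORDS, SEARCH_DOMAINS, fixture_forward, fixture_reverse):
        print(("OK   " if r["ok"] else "FAIL ") +
              f"{r['user']}: {r['server']} -> {r['ip']} PTR={r['ptr']} ({r['reason']})")
```

A record that fails at the forward step usually means the search-domain list on the appliance is missing the domain the short name belongs to; a record that fails at the PTR step needs a reverse-lookup zone entry on the AD DNS servers, and after fixing either, remember that the appliance may need a reboot to drop its cached answers.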
To complete the installation and configuration of the File Director appliance you need the following information.
|Setting|Value|
|---|---|
|Hypervisor|Hyper-V or VMware ESX|
|File Director Network|Details|
|File Director Appliance Name|<appliance name>|
|Appliance IP address|<IP address>|
|Subnet mask|<IP mask>|
|DNS servers|<IP addresses>|
|DNS search domains|<domain names>|
|Domain controllers|<IP addresses>|
|LDAP port|<port number> (default 389)|
|LDAP bind account|<[email protected]>|
|LDAP bind password|<password>|