Appliance prerequisites

The appliance in an enterprise network

We recommend that you install the File Director appliance on a hypervisor or virtual machine server in the enterprise demilitarized zone (DMZ). From there the appliance does the following:

  • Provides secure communications using Secure Sockets Layer (SSL) encryption.
  • Uses Lightweight Directory Access Protocol (LDAP) to communicate with your existing Active Directory and configure users, groups, and home folders.
  • Looks up the location of the file servers using a Domain Name System (DNS) server.
  • Connects to existing file storage using Server Message Block protocol (SMB2 protocol or later). This may also be known as Common Internet File System, CIFS.

Refer to Prerequisites in Ivanti User Workspace Manager help.

External firewall requirements

For the external firewall, configure the following IP ports:

TCP 443 - Clients connect to the File Director appliance over SSL on port 443 so that they can synchronize files. It is recommended that you make this the only external port mapped to the appliance.

Internal firewall requirements

For the internal firewall, configure the following IP ports:

  • TCP 389 - Active Directory service LDAP on TCP 389 (or port 636 if secure LDAP is used).
  • TCP 445 - File store SMB/CIFS on TCP 445.
  • TCP 443 - For internal client connections.
  • TCP 8443 - The web administration interface is available over SSL on HTTP port 8443.
  • UDP 53 - Domain Name System (DNS) on UDP 53.
  • UDP 123 - Network Time Protocol (NTP) on UDP 123. See also NTP in Advanced Configuration.

Additional Ports

The following ports can be enabled if required:

  • TCP 8000 - Open this port if you require the Ivanti Support service.
  • TCP 8001 - Open this port if you require the Network Load Balancing health check.
  • TCP/UDP 88 - If the File Director server is secured in a DMZ, you must open port 88 on the firewall for Kerberos Authentication to work.
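
The port lists above can be turned into an audit of an exported firewall rule set. The following is an added example, not Ivanti code: the "zone proto port" rule format and the sample rules are constructed, direction of traffic is ignored, and treating the conditional ports (636, 8000, 8001, 88) as internal-side is an assumption.

```python
# Port policy transcribed from the firewall sections above.
EXTERNAL_ALLOWED = {("tcp", 443)}
INTERNAL_REQUIRED = {("tcp", 389), ("tcp", 445), ("tcp", 443),
                     ("tcp", 8443), ("udp", 53), ("udp", 123)}
# Conditional ports from the page; placing them on the internal side is an assumption.
INTERNAL_OPTIONAL = {("tcp", 636), ("tcp", 8000), ("tcp", 8001),
                     ("tcp", 88), ("udp", 88)}

# Constructed sample export; the "zone proto port" format is an assumption.
SAMPLE_RULES = """
external tcp 443
external tcp 8443   # admin interface mapped externally
internal tcp 636
internal tcp 445
internal tcp 443
internal tcp 8443
internal udp 53
internal tcp 3389
"""

def parse_rules(text):
    """Turn 'zone proto port' lines into a set of (zone, proto, port) tuples."""
    rules = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        zone, proto, port = line.split()
        rules.add((zone.lower(), proto.lower(), int(port)))
    return rules

def audit(rules):
    """Compare open ports per zone against the page's port lists."""
    external = {(p, n) for z, p, n in rules if z == "external"}
    internal = {(p, n) for z, p, n in rules if z == "internal"}
    required = set(INTERNAL_REQUIRED)
    if ("tcp", 636) in internal:  # secure LDAP replaces plain LDAP on 389
        required.discard(("tcp", 389))
    return {
        "external_unexpected": sorted(external - EXTERNAL_ALLOWED),
        "external_missing": sorted(EXTERNAL_ALLOWED - external),
        "internal_missing": sorted(required - internal),
        "internal_unexpected": sorted(internal - INTERNAL_REQUIRED - INTERNAL_OPTIONAL),
    }

if __name__ == "__main__":
    for finding, ports in audit(parse_rules(SAMPLE_RULES)).items():
        print(finding, ports)
```

On the constructed sample this reports the externally mapped administration port 8443, the missing NTP rule, and an internal port that appears in none of the lists.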

Supported operating systems and technologies

For details of supported operating systems see the Maintained Platforms Matrix on the Ivanti website.

LDAP directory service

The appliance needs read-only access to a Microsoft Active Directory (AD) service through a read-only user account.

You can change the home folder field that the appliance uses in the AD records. By default, it uses homeDirectory. If you want to use the RDP or Terminal Services home folder, you can specify CtxWfHomeDir instead. The home folder feature can be disabled if required.

DNS settings

File Director requires internal DNS settings and a public DNS record.

To synchronize user home folders, the appliance needs to correctly resolve the address of the file servers where the folders are stored. The appliance uses DNS resolution to locate the correct file server. The appliance DNS settings must specify the DNS servers within the AD and, in order to resolve the short-form file-server addresses used in user AD records, the domain names it should search.

To access the File Director service on the Internet, you must set up a public DNS record using the File Director server name. You can then use this public DNS name to generate the Certificate Signing Request (CSR) and apply for a publicly trusted SSL certificate.

A Reverse DNS (PTR) record is required in DNS for each file server that will be accessed by File Director. This can be validated from a Windows endpoint by typing: ping -a 10.0.0.1 (where 10.0.0.1 is the file server IPv4 address).

If reverse DNS is properly configured, it should return the FQDN, for example, server.mycompany.com. If it returns just the IP address, or the single-label host name, for example, server, then it is likely that reverse DNS is not configured correctly.

Any changes to DNS configuration may require a reboot of the File Director appliance to expedite the changes to its DNS cache.
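
The reverse DNS check described above can be repeated for every file server in one pass. This is an added example, not part of the Ivanti documentation: the function names and the sample PTR answers are constructed, and the real lookup goes through the operating system resolver rather than the appliance.

```python
import ipaddress
import socket

# Constructed sample PTR answers covering the outcomes the page describes.
SAMPLE_PTR = {
    "10.0.0.1": "server.mycompany.com",  # correct: fully qualified name
    "10.0.0.2": "server",                # single-label host name
    "10.0.0.3": "10.0.0.3",              # lookup only echoed the address
}

def classify_ptr(name):
    """Classify one reverse-lookup answer: fqdn, single-label, ip-only or no-ptr."""
    if not name:
        return "no-ptr"
    name = name.rstrip(".")
    try:
        ipaddress.ip_address(name)
        return "ip-only"
    except ValueError:
        pass
    return "fqdn" if "." in name else "single-label"

def system_lookup(ip):
    """Reverse-resolve with the OS resolver; None when no name comes back."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_file_servers(ips, lookup=system_lookup):
    """Return {ip: status} for each file server address."""
    report = {}
    for ip in ips:
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        report[ip] = classify_ptr(lookup(ip))
    return report

def misconfigured(report):
    """Addresses whose reverse lookup did not return an FQDN."""
    return sorted(ip for ip, status in report.items() if status != "fqdn")

if __name__ == "__main__":
    servers = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]
    report = check_file_servers(servers, lookup=SAMPLE_PTR.get)
    print(report, misconfigured(report))
```

Drop the lookup argument to query live DNS, and run it from a host that uses the same DNS servers as the appliance so the answers match what the appliance will see.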

VM Network Adapter

The VMware base image for File Director includes the VMXNET3 network adapter for virtual machines. This adapter has support for a 10 GB network capability.

Earlier releases of the File Director base image (2020.3 and earlier) included the E1000 adapter which emulates a 1 GB NIC.

Checklist of required information

To complete the installation and configuration of the File Director appliance you need the following information or resources:

  • Hypervisor: Hyper-V or VMware ESX

  • File Director Network:

    • File Director Appliance Name: <appliance name>

    • Appliance IP address: <IP address>

    • Subnet mask: <IP mask>

    • Gateway: <gateway IP>

  • DNS:

    • DNS servers: <IP addresses>

    • DNS search domains: <domain name>

  • Active Directory:

    • Domain controllers: <IP addresses>

    • LDAP port: <port number>

      The default port number is 389, or 636 when using secure LDAP.

    • LDAP bind account: <[email protected]>

    • LDAP bind password: <password>
