Configuring remote access to file servers with IAG

Applies To: Intelligent Application Gateway (IAG)

When allowing remote access to internal file structures with Whale Communications Intelligent Application Gateway (IAG) 2007, you can configure the File Access application to provide access to Windows and Novell NetWare file servers. To provide access to Windows file servers, you must configure IAG as a domain member. To provide access to Novell NetWare servers, you must install a Novell client on the IAG server.

After setting up Active Directory Domain Services or Novell NetWare on the IAG server, you can configure the file servers for remote access and grant remote user permissions for file server access. For more information, see Configuring file access permissions and settings in IAG.

Configuring IAG in Active Directory Domain Services

In order to allow remote access to file servers, IAG must be either a member of the domain to which the file servers belong or a member of a domain which has a trust relationship with the file server domain. You can configure IAG as a domain member by using one of the following two options:

  • Define IAG as a domain controller for a new Active Directory domain.

  • Join IAG to an existing Windows domain.

Setting up IAG as a domain controller

In this setup, you configure IAG as the domain controller for a new Active Directory (Windows Server 2003) domain, in a new domain tree, in a new forest. For information about configuring a domain controller, see Managing domain controllers: Active Directory.

When installing IAG as a domain controller, note the following:

  • During Active Directory installation on the IAG server, select all of the following options:

    • Domain Controller for New Domain

    • New Domain Tree

    • New Forest

  • Ensure that the startup type for the following Windows services on the IAG server is set to automatic:

    • Computer Browser (optional, for performance enhancement)

    • Distributed Transaction Coordinator

    • Workstation

  • On the network adapter that is used to access file servers, ensure that Client for Microsoft Networks is installed and activated. For instructions, see Installing Client for Microsoft Networks.

  • Establish domain trust relationships between IAG and every domain in which file servers are located. Users can be part of a user domain or a resource domain. The file server domains must trust the domains in which users are located; the trusted user domains are not required to trust the file server domains in return.

Joining IAG to an existing domain

You can join the IAG server to the domain in which file servers and users who will access file servers remotely are located. You can join IAG to a native Active Directory domain, a Microsoft Windows NT Server 4.0 domain, or a mixed-mode domain. Joining a domain requires the following steps:

  1. If you join IAG to a Windows NT Server 4.0 domain or a mixed-mode domain, you must set the local security policy on the IAG server before joining the domain.

  2. Set Windows services on the IAG server to start automatically.

  3. Install Client for Microsoft Networks on the adapter of the IAG server that is connected to networks in which file server resources are located.

  4. Join the IAG server to the domain.

Setting the local security policy for Windows NT Server 4.0 and mixed-mode domains

To set the local security policy when joining IAG to a Windows NT Server 4.0 domain or an Active Directory mixed-mode domain

  1. On the IAG server, click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.

  2. On the Local Security Settings window, in the Tree pane, select Local Policies, and then select Security Options.

  3. On the Policy pane, set the Local Security Policy settings. To edit a policy, double-click it. Then in the Local Security Policy Setting dialog box, select the required setting and click OK. If you modify Local Security Policy settings, you must restart the IAG server in order to apply the new settings. Configure parameter settings as follows:

    • Domain member: Digitally encrypt or sign secure channel data (always): Disabled

    • Domain member: Require strong (Windows 2000 Server or later) session key: Disabled

    • Microsoft network client: Digitally sign communications (always): Disabled

    • Microsoft network server: Digitally sign communications (always): Disabled

    • Microsoft network server: Digitally sign communications (if client agrees): Disabled

    • Network Security: LAN Manager Authentication Level: Send LM and NTLM responses
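
To confirm after the restart that the server carries exactly the values listed above, you can export the local policy with secedit /export /cfg policy.inf and compare its [Registry Values] section against the list. The following script is an added example, not part of the original IAG documentation; the function names and the sample export are constructed for illustration, and the registry value names are the standard Windows locations for these six policies.

```python
# Added example: check a `secedit /export` file against the values listed above.
SVC = r"MACHINE\System\CurrentControlSet\Services"
# Policy name -> (registry value in the export, DWORD the page prescribes).
# "Disabled" is 0; "Send LM and NTLM responses" is LmCompatibilityLevel 0.
EXPECTED = {
    "Domain member: Digitally encrypt or sign secure channel data (always)":
        (SVC + r"\Netlogon\Parameters\RequireSignOrSeal", 0),
    "Domain member: Require strong (Windows 2000 Server or later) session key":
        (SVC + r"\Netlogon\Parameters\RequireStrongKey", 0),
    "Microsoft network client: Digitally sign communications (always)":
        (SVC + r"\LanmanWorkstation\Parameters\RequireSecuritySignature", 0),
    "Microsoft network server: Digitally sign communications (always)":
        (SVC + r"\LanManServer\Parameters\RequireSecuritySignature", 0),
    "Microsoft network server: Digitally sign communications (if client agrees)":
        (SVC + r"\LanManServer\Parameters\EnableSecuritySignature", 0),
    "Network Security: LAN Manager Authentication Level":
        (r"MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel", 0),
}

def registry_dwords(inf_text):
    """Return {lowercased path: int} for REG_DWORD (type 4) export entries."""
    values, in_section = {}, False
    for line in map(str.strip, inf_text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[registry values]"
        elif in_section and "=" in line:
            path, _, data = line.partition("=")
            kind, _, raw = data.partition(",")
            if kind.strip() == "4":
                values[path.strip().lower()] = int(raw.strip())
    return values

def audit(inf_text):
    """Return {policy: (actual, prescribed)} per mismatch; actual None if absent."""
    actual = registry_dwords(inf_text)
    return {name: (actual.get(path.lower()), want)
            for name, (path, want) in EXPECTED.items()
            if actual.get(path.lower()) != want}

# Constructed sample export (real files are UTF-16; decode before passing in).
SAMPLE = r"""[Registry Values]
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,0
[Version]
signature="$CHICAGO$"
"""
```

Calling audit(SAMPLE) reports the two policies in the constructed export that differ from the list: the server-side "always" signing value is 1, and LmCompatibilityLevel is not defined in the export.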

Setting Windows services to automatic

To set services to automatic

  1. On the IAG server, set the startup type for the following Windows services to automatic:

    • Computer Browser (optional, for performance enhancement)

    • Distributed Transaction Coordinator

    • Workstation

Installing Client for Microsoft Networks

Install Microsoft Client for Microsoft Networks on the IAG server. Note that you might be required to provide the operating system installation disk while completing this task.

To install Client for Microsoft Networks

  1. On the IAG computer, click Start, point to Settings, and then click Network Connections.

  2. In the list of connections, select the Local Area Connection that is used to access the file server resources.

  3. On the Local Area Connection Status dialog box, click Properties.

  4. Below the This connection uses the following items list, check whether Client for Microsoft Networks is listed, and do one of the following:

    • If Client for Microsoft Networks is listed, and the check box next to it is selected, you do not need to take any further steps. Click OK to close the dialog box.

    • If Client for Microsoft Networks is listed, and the check box next to it is cleared, select the check box, and then click OK. You do not need to take any further steps.

    • If Client for Microsoft Networks is not listed in the Local Area Connection Properties dialog box, continue with the following steps.

  5. In the Local Area Connection Properties dialog box, below the This connection uses the following items list, click Install.

  6. On the Select Network Component Type dialog box, verify that Client is selected in the list, and then click Add.

  7. On the Select Network Client dialog box, verify that Client for Microsoft Networks is selected in the list, and click OK. If prompted, insert the Windows Server 2003 installation CD.

    The Select Network Client dialog box closes. In the Local Area Connection Properties dialog box, Client for Microsoft Networks is listed.

  8. Make sure that the check box next to Client for Microsoft Networks is selected, and click OK to close the dialog box.

    The installation of the Client for Microsoft Networks is complete.

  9. Restart IAG, as prompted.

Configuring IAG with Novell NetWare

In order to share Novell NetWare Server resources through the File Access application, you need to install a Novell client on IAG, as described in this section. While remote users interact with Novell NetWare Servers through the File Access interface, temporary “virtual” users may be created on IAG, with the following name format: whnwu_<hexadecimal_value>. These users are deleted as soon as the real user closes the File Access interface.

To set up IAG to enable File Access to Novell NetWare Servers

  1. Install a Novell client on IAG, using a Typical installation mode.

  2. When prompted, restart IAG.

    Access to Novell NetWare Servers can now be enabled on IAG.