Remote administration is not allowed after the trial expires if you do not activate the software.
You can remotely administer EFT using the COM API, but you must first copy the applicable DLL files to a folder on the remote computer and register SFTPCOMInterface.DLL on the remote computer using regsvr32 (described below).
|
Remote administration is not allowed after the trial expires if you do not activate the software. |
Before you can connect from the remote Administrator, you must configure the Server. You must do this locally, on the EFT computer.
Before attempting to connect to a remote EFT, first be sure that the remote EFT service is running, and that it allows remote administration.
If you have configured remote administration, but are unable to connect to EFT, one or more of the following could be preventing the connection:
The IP address of the computer on which you are attempting to connect to EFT is listed in the Remote Administration Ban IP list.
Your SSL certificate is expired or invalid.
The remote administration port value has changed.
EFT’s IP address has changed since the last login.
The firewall settings of the computer on which EFT is installed are blocking the connection.
There is a version mismatch between your administration interface and the EFT service you are trying to administer.
The administrator account with which you are attempting the remote connection does not have access permission to EFT.
Network errors
Administering EFT remotely requires that you copy the following DLL files from the EFT computer to the computer that will be making the remote COM calls (depending on your needs, as indicated below).
Required by the COM API.
These files are installed on the EFT computer in
C:\Program Files(x86)\Common Files\GlobalSCAPE\SFTPCOMInterface:
atl100.dll
mfc100.dll
mfc100u.dll
msvcp100.dll
msvcr100.dll
SFTPCOMInterface.dll (You must register this file on the remote computer.*)
Required by the COM API and
the SSL implementation. These DLLs are required anytime COM
connects to EFT, even when the Require
SSL for remote administration check box is not selected in
the administration interface. These files are installed on the EFT
Server computer in
C:\Program Files(x86)\Common Files\GlobalSCAPE\SFTPCOMInterface:
SSL.dll
SSLFips.dll
GSCrypto.dll
GSCrypto.dll.sha1
Required to create or administer
SSH Keys via COM. These files can be found installed on EFT
in the install directory of EFT, by default
C:\Program Files(x86)\GlobalSCAPE\EFT
Server Enterprise:
Sftp.dll sftp
FIPS.dll
cryptopp.dll
*All DLL files should be copied to the same folder as the SFTPCOMInterface.dll and should not be moved after the SFTPCOMInterface.dll is registered using regsvr32.exe, as described below:
To register SFTPCOMInterface.dll
In the directory on the remote computer to which you copied the above files, run regsvr32. For example, type:
Regsvr32.exe SFTPCOMInterface.dll
For more information about the Registration Tool, refer to Explanation of Regsvr32 usage and error messages on the Microsoft Support site.
Below are several facts to consider regarding remote administration:
SSL certificates cannot be created or managed remotely. You are prohibited from creating certificates for EFT while remotely administering EFT because this action can create a security breach. Any certificates you create remain on the computer on which you created them, unless you take steps to deliver and associate these files with another computer.
Organizations complying with the PCI DSS are required to use SSL for remote administration. If you attempt to allow remote administration on a High Security Site, a message warns you that this setting violates PCI DSS 2.3, and allows you to continue with reason or disable the feature.
File browse operations are disabled for remote administration. You can, however, type a path that is relevant to the EFT computer (not the remote interface). You are able to browse for a Settings Template folder, because you are browsing the VFS, not the physical folders.
When the trial period has expired, all remote connections are disallowed.
You cannot configure remote administration remotely.
You must configure the local connection before you can configure a remote connection.
For remote Active Directory connections, the connecting account must have access to the computer on which EFT is installed.
You should restrict remote administration to one or more known static IP addresses.
By default, all IP addresses are granted remote access to EFT. EFT allows you to grant access to only one specific IP address or a range of IP addresses, or deny access to one specific address or a range of addresses.
For command-line login, the EFT listening IP address must be set to a specific IP address, not All Incoming. Remote administration must be configured and EFT must be in the same domain as the computer from which you are attempting to log in.
If you are logged in to EFT remotely, your username and password are passed to the Windows System Services on the computer running EFT. The account that you log on with must have administrative rights to make any changes to the GlobalSCAPE EFT service running on that computer.
If you are using SQL Express as your database, you may not be able to generate a report remotely, unless the connecting account is a trusted SQL Server connection (e.g., if SQL Server and the remote computer are in the same domain, or if SQL Server is configured to allow "mixed authentication.")
When objects are created, added, removed, modified, enabled, disabled, started, or stopped remotely, the action is logged to the database and reported in the Administrator Actions Log.
The EFT variable for remote EFT connections is %CONNECTION.REMOTE_IP%.