2.9. The IDERI note Gateway Component
The IDERI note Gateway is an optional component within the IDERI note product suite, primarily responsible for communication between IDERI note mobile clients and the IDERI note server. It acts as a link between the IDERI note server and the IDERI note mobile clients, which, unlike the desktop client, use certificates to authenticate users.
2.9.1. Overview
The IDERI note Gateway consists of two services and a configuration interface that guides you through the required configuration steps (Figure 2.8).
Smartphones and tablets running operating systems such as Apple's iOS or iPadOS or Google's Android cannot be members of a domain and do not allow a user login like a desktop client, so we had to find another way for the IDERI note server to authenticate a user with the user's Active Directory® credentials. In addition, these devices are often outside the corporate network, where they cannot access the IDERI note servers. This is where the IDERI note Gateway steps in. The user creates a new connection in the IDERI note mobile app that connects to the IDERI note Gateway and also holds the user's Active Directory® credentials, as shown in Figure 2.9. These credentials are then passed to the gateway over a connection secured by SSL.
The IDERI note Gateway checks these credentials against Active Directory® and, on success, issues a certificate to the user (or the connection). From then on, the user authenticates against the gateway with this certificate as a domain user. If a new IDERI note message is created for this user, the IDERI note Gateway directs the message to the connection, and the message is also displayed in the user's IDERI note mobile app (Figure 2.10).
The issued certificates can be viewed via the Microsoft Management Console (MMC). For this purpose, IDERI note offers an IDERI note Certificates MMC snap-in, which can be added via the MMC as usual. Once loaded, it provides an overview of, and information on, all issued and currently active or quarantined certificates, as shown in Figure 2.11. For more information on the IDERI note MMC snap-in, see chapter 2.10.
2.9.2. Prerequisites
To use the IDERI note Gateway successfully, ensure that the following prerequisites are met:
- The server running the IDERI note Gateway must be a member of the same Active Directory® domain as the IDERI note server.
- The IDERI note Gateway must have a connection to a domain controller, at least a read-only domain controller (RODC).
- The IDERI note Gateway must have a connection to the IDERI note server via the configured TCP ports for the administrative and client interfaces (see chapter 7.25) and must also be able to resolve the IDERI note server's DNS name (fully qualified domain name) and its NetBIOS name.
- The IDERI note Gateway has to be fully configured via its configuration interface (see chapter 7.32).
- The IDERI note mobile clients must be able to connect to the IDERI note Gateway via the defined TCP port (the default is 443).
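
The domain, name-resolution and port prerequisites above can be verified from the gateway host with a short PowerShell script. This is an added example, not part of the IDERI note product or its documentation; the domain, host names and the two server ports are placeholders (assumptions) that must be replaced with your own values from chapter 7.25.

```powershell
# Preflight check for the IDERI note Gateway prerequisites. Run on the gateway host.
# All values below are PLACEHOLDERS (assumptions), not IDERI defaults.
$ExpectedDomain = 'corp.example.com'             # AD domain of the IDERI note server
$ServerFqdn     = 'noteserver.corp.example.com'  # IDERI note server, FQDN
$ServerNetBios  = 'NOTESERVER'                   # IDERI note server, NetBIOS name
$ServerPorts    = @(11111, 22222)                # admin/client ports from chapter 7.25
$GatewayPort    = 443                            # port the mobile clients connect to

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

# 1. The gateway host must be joined to the same domain as the IDERI note server.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Check 'Domain membership' ($cs.PartOfDomain -and $cs.Domain -ieq $ExpectedDomain) "joined to '$($cs.Domain)'"

# 2. A domain controller (an RODC is sufficient) must be locatable.
$null = nltest "/dsgetdc:$ExpectedDomain" 2>&1
Add-Check 'Domain controller reachable' ($LASTEXITCODE -eq 0) "nltest exit code $LASTEXITCODE"

# 3. Both the FQDN and the NetBIOS name must resolve. The lookup goes through the
#    operating system's resolver, the same path an application would normally use.
foreach ($name in $ServerFqdn, $ServerNetBios) {
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($name) -join ', '
        Add-Check "Resolve $name" $true $ips
    } catch {
        Add-Check "Resolve $name" $false $_.Exception.Message
    }
}

# 4. The configured administrative and client TCP ports must accept connections.
foreach ($port in $ServerPorts) {
    $ok = Test-NetConnection -ComputerName $ServerFqdn -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
    Add-Check "TCP ${ServerFqdn}:$port" $ok 'outbound from gateway host'
}

# 5. Something must be listening on the gateway port. This is a local check only;
#    reachability for mobile clients has to be tested from outside the network.
$listen = Get-NetTCPConnection -LocalPort $GatewayPort -State Listen -ErrorAction SilentlyContinue
Add-Check "Listener on TCP $GatewayPort" ([bool]$listen) 'local listener check'

$results | Format-Table -AutoSize -Wrap
if ($results.Passed -contains $false) { exit 1 }
```

The listener check only passes once the gateway has been configured and its services are running, so a failure there before configuration is expected.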