Configuring ManagementStudio in Edge Server Mode
Sometimes, ManagementStudio needs to be installed in a DMZ to provide functionality to users outside the company network. A common scenario is enabling users to fill out forms or surveys from their phones or work-from-home devices. In such cases, full access to ManagementStudio is neither necessary nor desirable. Edge Server Mode allows you to set up an instance of ManagementStudio while limiting most of its functionality from being accessible externally.
TABLE OF CONTENTS
- Configuring ManagementStudio in Edge Server Mode
- Key Considerations
- Setup Instructions
- Edge Project Settings
- Example
Key Considerations
- Database Access
- The Edge Server must have access to the same database as the Primary Server.
- File Storage Path
- If the Edge Server handles file uploads or presents attachments, the `FileStoragePath` in its `appSettings.json` must point to the same location as the Primary Server.
- Scheduled Tasks
- Edge Servers do not run scheduled tasks. Tasks such as email dispatch, ESM operations, connections, and housekeeping are managed by the Primary Server.
- DNS Configuration
- DNS entries for both the Primary and Edge servers must resolve to the same name. This ensures that links generated by ManagementStudio work seamlessly, whether accessed internally or externally, directing users to the correct server based on their network location.
Setup Instructions
To configure an Edge Server:
- Create a New Server
- Set up a new IIS server and install ManagementStudio as you would for a Primary Server.
- Configure Database and File Storage
- Ensure the Edge Server connects to the same database as the Primary Server.
- Set the `FileStoragePath` in the `appSettings.json` to match the Primary Server if file handling is required.
- Enable Edge Server Mode
- In the Edge Server’s `appSettings.json`, enable Edge Server Mode.
- Define Exposed Projects
- By default, all projects are locked down. Explicitly define the projects to be exposed through the Edge Server.
By following these steps and considerations, you can securely configure ManagementStudio in Edge Server Mode to provide necessary external access without exposing the full system.
Edge Project Settings
EnableEdgeMode (true/false) controls if the server is running in Edge Mode. After that each project requires their own set of settings to control their specific access. If a project is not explicitly described in the settings it will be disabled.
When describing an Edge Project the 'ProjectId' is the only setting that is required, all else are optional and assumed false/empty if not present
Name | Value | Note |
---|---|---|
ProjectId | Number | The Id of the Project that these Edge settings describe. |
EnablePortalAuth | true/false | If a portal page is using a wrapper that requires authentication then this companion setting is also required |
EnablePages | true/false | Enable Portal Pages, |
EnableForms | true/false | Enable Portal Forms (Surveys) |
EnableDmrs | true/false | Enable DMR Report pages |
EnableLegacyPortal | true/false | Enable v13 Portal Pages |
EnableDuSelfSchedule | true/false | Enable DU Self-Schedule where users can select their migration slot |
EnableDashboards | true/false | Enable Dashboard Pages |
EnableTestSignOffs | true/false | Enable Test Sign-Offs |
EnableEndPointReports | true/false | Enable End Point Reports (DRM, Ready, History) |
EnableScriptActions | true/false | Enable Script Buttons, required if there are custom buttons on any DRM, Forms or Pages |
BypassAccounts | list | A comma-delimited list of user accounts that can still access the Client/API |
CertificateAccounts | list | A comma-delimited list of user accounts in the format account|thumbprint, that are associated with a Report Agent Cert for authentication |
Example
The following is an example appSettings.json file that
- Enables the Edge Server Mode
- Project 1
- Enable only the Portal Pages that allow users to sign off surveys and schedule their migration slot
- Project 2
- Allow two specific accounts to access the Client/Api
- Enable lots of different types of Portal Pages
- Enable DMR Reports and Endpoints
"EdgeServerSettings": { "EnableEdgeMode": true, "AllowLocalTraffic": false, "LocalTrafficOrigin": "", "EdgeProjects": [ { "ProjectId": 1, "BypassAccounts": "managementstudio, apiaccount", "EnablePages": true, "EnableForms": true, "EnableDuSelfSchedule": true }, { "ProjectId": 2, "BypassAccounts": "", "CertificateAccounts": "apiaccount|6f31b3...", "EnablePages": true, "EnableForms": true, "EnableDmrs": true, "EnableTestSignOffs": true, "EnableDashboards": true, "EnableEndPointReports": true, "EnableDuSelfSchedule": true } ] },