Using Enterprise Resource Gateway (ERG) Servers

Control Internet traffic and access to your internal resources using the Enterprise Resource Gateway (ERG) proxy server. The proxy server receives all client requests and authenticates them based on Client Exchange / Device ID and other parameters. It then forwards the request to the desired destination server.

You can use ERG with SOTI Hub on-premises repositories and Exchange email servers.

Note: Enterprise Resource Gateway (ERG) is a reverse proxy that performs IIS rewrites to allow access to Microsoft Exchange resources (for example, Outlook Web Access or Active Sync). This functionality exposes your Exchange Server as a public-facing server to the internet through the ERG and can leave the Exchange Server vulnerable to cyber attacks. You should follow all security best practices in the administration of your Exchange Server as detailed in Microsoft's documentation and complete regular software updates when advised to do so. See Defending Exchange servers under attack for more information.

At a high level, this is how ERG works:

  1. You establish criteria against which client requests are accepted or denied.
  2. A client makes a request to a repository or Exchange email server using the URL of the proxy server such as example.domain.com.
  3. A proxy server controlled by SOTI MobiControl receives the request.
  4. The proxy server forwards authorized requests.

To set up ERG, you perform the following steps:

  1. Check system requirements
  2. Configure root certificate
  3. Generate ERG installation files
  4. Install ERG
  5. Configure ERG
Note: Whenever you upgrade SOTI MobiControl, you must also upgrade your ERG. Re-install ERG using the ERG setup file provided with the updated SOTI MobiControl console.
Note: The SOTI MobiControl XAS certificate authenticates the Enterprise Resource Gateway requests sent to SOTI MobiControl. The XAS certificate is valid for five years after it is generated. After that, you need tp update the XAS certificate - see Updating SOTI MobiControl XAS Certificates.