Using Enterprise Resource Gateway Servers

The Enterprise Resource Gateway (ERG) proxy server controls internet traffic and access to internal resources. ERG servers receive client requests and authenticates them based on the Client Exchange/Device ID and other parameters, and then forwards the requests to the destination server.

You can use ERG with SOTI Hub on-premises repositories and Exchange Server.

An overview of how ERG works:

Establish criteria to accept or deny client requests.
A client makes a request to a repository or Exchange Server using the URL of the proxy server such as example.domain.com.
A proxy server controlled by SOTI MobiControl receives the request.
The proxy server forwards authorized requests.

Note: The ERG is a reverse proxy that performs IIS rewrites to allow access to Microsoft Exchange resources (such as Outlook Web Access or ActiveSync). This functionality exposes your Exchange Server as a public-facing server to the internet through the ERG and can leave the Exchange Server vulnerable to cyber attacks. Follow security best practices in the administration of Exchange Server as detailed in Microsoft's documentation and perform regular software updates. See Defending Exchange servers under attack.

Information on setting up an ERG:

Note: ERG with SOTI MobiControl provides support for:

Gmail, Samsung and iOS default email clients
Basic and Modern authentication methods

Note: When upgrading SOTI MobiControl, you must also upgrade the ERG. Use the ERG setup file provided with the updated SOTI MobiControl console.

Note: The SOTI MobiControl XAS certificate authenticates the ERG requests sent to SOTI MobiControl. The XAS certificate is valid for five years after creation date. After that, you must update the XAS certificate - see Updating SOTI MobiControl XAS Certificates.