Using Enterprise Resource Gateway Servers
The Enterprise Resource Gateway (ERG) proxy server controls internet traffic and access to internal resources. ERG servers receive client requests and authenticates them based on the Client Exchange/Device ID and other parameters, and then forwards the requests to the destination server.
You can use ERG with SOTI Hub on-premises repositories and Exchange Server.
An overview of how ERG works:
- Establish criteria to accept or deny client requests.
- A client makes a request to a repository or Exchange Server using the URL of the proxy server such as example.domain.com.
- A proxy server controlled by SOTI MobiControl receives the request.
- The proxy server forwards authorized requests.
Note: The ERG is a reverse proxy that performs IIS rewrites to allow access
			to Microsoft Exchange resources (such as Outlook Web Access or ActiveSync). This
			functionality exposes your Exchange Server as a public-facing server to the internet
			through the ERG and can leave the Exchange Server vulnerable to cyber attacks. Follow
			security best practices in the administration of Exchange Server as detailed in
			Microsoft's documentation and perform regular software updates. See Defending Exchange servers under
			attack.
		Information on setting up an ERG:
- System Requirements for Enterprise Resource Gateway (ERG)
- Configuring the SOTI MobiControl Root Certificate for the Enterprise Resource Gateway
- Generating ERG Installation Files
- Installing ERG for SOTI Hub or Email Exchange Server
- Configuring ERG
Note: ERG with SOTI MobiControl provides support
				for:
		- Gmail, Samsung and iOS default email clients
- Basic and Modern authentication methods
Note: When upgrading SOTI MobiControl, you must also upgrade the ERG. Use the
			ERG setup file provided with the updated SOTI MobiControl console. 
		Note: The SOTI MobiControl XAS certificate authenticates the ERG requests sent
			to SOTI MobiControl. The XAS certificate is valid for five years after
			creation date. After that, you must update the XAS certificate - see Updating SOTI MobiControl XAS Certificates.