Install SSL Gateway


The NetMan SSL Gateway must be installed on a stand-alone Windows server (2003 or 2008) either in the DMZ or in the internal network, and must be accessible to external workstations only over HTTPS; this usually means using port 443.

 

1. The setup program for the NetMan SSL gateway is in the %nmhome%\System\Setups\NetMan SSL Gateway directory. Copy the setup file to the server on which you wish to run it. The setup program cannot execute on a server on which NetMan Desktop Manager is installed, because the SSL gateway requires a separate server. The setup program prompts you to enter a target path for the installation.

 

2. Next, you need to define the HTTPS port. The NetMan SSL gateway uses this port for external connections. We recommend using port 443, because firewalls usually permit remote HTTPS access over proxy servers only on this port.

 

3. The setup program prompts you for information about your NetMan Desktop Manager installation. Under NetMan server (FQDN), enter the fully qualified host name of the server on which NetMan Desktop Manager is installed. You should have already set up a certificate with this name using the Certificate Wizard that comes with the NetMan web server. The HTTPS port must be the same port defined for your NetMan web server. This is usually also port 443. The Pass client IP addresses to Web Interface option should be activated.

 

Warning: Make sure the server has sufficient capacity, because all encrypted RDP traffic will be routed through the NetMan SSL gateway. If one server cannot provide the required level of performance, you can install the SSL gateway on additional servers and use load balancing, for example, with round-robin DNS resolution. Alternatively, you could install hardware load balancers.

 

Warning: Port 3389 must be made available for the RDP data traffic between NetMan SSL Gateway and the Session Hosts. This requirement is met automatically if the gateway is in your internal network. If the server is in the DMZ, however, you need to adapt the firewall rules. To display the Web Interface, the firewall must also permit an HTTPS connection from the gateway to the NetMan Web Interface.
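
The following pre-flight check is an added example, not part of the NetMan documentation or setup program. Run on the gateway server, it tests the two outbound paths described above (RDP to the Session Hosts, HTTPS to the NetMan web server) and confirms that the certificate presented matches the FQDN entered in step 3. It assumes PowerShell 2.0 or later is available on the gateway; all host names are constructed placeholders.

```powershell
# Added example: run on the SSL gateway server before going live.
# Host names are constructed placeholders; replace them with your own.
$NetManServer = 'netman.example.com'      # value entered under "NetMan server (FQDN)"
$HttpsPort    = 443                       # HTTPS port of the NetMan web server
$SessionHosts = @('sh01.example.internal', 'sh02.example.internal')
$RdpPort      = 3389

function Test-TcpPort {
    # Returns $true if a TCP connection succeeds within the timeout.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-ValidatedCertSubject {
    # Performs a TLS handshake with default validation. Returns the certificate
    # subject, or $null if the chain is untrusted, the name does not match,
    # or the port is unreachable.
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        return $ssl.RemoteCertificate.Subject
    } catch {
        return $null
    } finally {
        $client.Close()
    }
}

foreach ($sh in $SessionHosts) {
    "{0}:{1} RDP reachable: {2}" -f $sh, $RdpPort, (Test-TcpPort $sh $RdpPort)
}

$subject = Get-ValidatedCertSubject $NetManServer $HttpsPort
if ($subject) { "{0}:{1} HTTPS OK, certificate: {2}" -f $NetManServer, $HttpsPort, $subject }
else { "{0}:{1} HTTPS failed (blocked port, untrusted chain or name mismatch)" -f $NetManServer, $HttpsPort }
```

A `False` on port 3389 when the gateway sits in the DMZ points at the firewall rule between the DMZ and the Session Hosts. An HTTPS failure with the port reachable usually means the certificate was not issued for the FQDN entered in the setup program.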