Appendix: Consolidating the Logs in the Cloud Using OpenVPN : Requirements Overview
  
Requirements Overview
When consolidating DeviceLock logs (see Consolidating Logs) in a local area network environment, servers exchange data by using remote procedure call (RPC) over Transmission Control Protocol/Internet Protocol (TCP/IP). This method provides quick and efficient communication in a corporate network.
Communication with a cloud server via RPC can be provided through a secure virtual private network (VPN) connection using OpenVPN software. In this appendix, you can find instructions on how to configure the OpenVPN server and client as well as the DeviceLock Enterprise Server to consolidate DeviceLock logs on a cloud server.
The following conditions are required to consolidate DeviceLock logs from designated on-premises servers to a cloud server through a VPN connection using OpenVPN:
The on-premises servers can gain access to the cloud computer by its IP address.
This requirement is met, for example, when the on-premises computer has Internet access, and the cloud computer has a static public IP address and thus is directly accessible over the Internet.
On both the on-premises and cloud computers, Windows Firewall is configured so that:
Port 80 is open for inbound public TCP traffic.
The DeviceLock Enterprise Server is allowed inbound public TCP traffic.
To meet these requirements, use the “Windows Defender Firewall with Advanced Security” console (wf.msc) to create the inbound rules with the following settings:
Rule type - Port; Protocol - TCP; Local port - 80; Action - Allow the connection; Profile - Public.
Rule type - Program; Protocol - TCP; This program path - %ProgramFiles%(x86)\DeviceLock\DLServer.exe; Action - Allow the connection; Profile - Public.
The OpenVPN server is installed and configured on the cloud computer.
The OpenVPN client is installed and configured on the on-premises computer.
DeviceLock Enterprise Server on both the cloud and on-premises computers is assigned a fixed network port. Normally, this is port 9133.
The on-premises DeviceLock Enterprise Server uses a DeviceLock certificate to authenticate with the cloud-based DeviceLock Enterprise Server.
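The two inbound firewall rules listed above can also be created from an elevated PowerShell prompt instead of the wf.msc console. The script below is an added example, not part of the DeviceLock documentation; the rule display names are made up for this example, and the default DLServer.exe location assumes a 64-bit Windows host with DeviceLock installed in the 32-bit Program Files directory.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the two inbound rules described above.
# Assumption: DLServer.exe is in the default 32-bit install directory on a
# 64-bit host; pass -DLServerPath if it is installed elsewhere.
param(
    [string]$DLServerPath = (Join-Path ${env:ProgramFiles(x86)} 'DeviceLock\DLServer.exe')
)

$ErrorActionPreference = 'Stop'

# A program rule that points at a missing path allows nothing, so stop early.
if (-not (Test-Path -LiteralPath $DLServerPath -PathType Leaf)) {
    throw "DLServer.exe not found at '$DLServerPath'; pass -DLServerPath with the real location."
}

# Display names are constructed for this example.
$rules = @(
    @{
        DisplayName = 'DeviceLock consolidation - TCP 80 inbound (Public)'
        LocalPort   = 80
    },
    @{
        DisplayName = 'DeviceLock consolidation - DLServer.exe inbound (Public)'
        Program     = $DLServerPath
    }
)

foreach ($rule in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "Exists:  $($rule.DisplayName)"
        continue
    }
    # Settings shared by both rules: inbound, TCP, allow, Public profile only.
    New-NetFirewallRule @rule -Direction Inbound -Protocol TCP -Action Allow -Profile Public | Out-Null
    Write-Host "Created: $($rule.DisplayName)"
}

# List the resulting rules so the settings can be compared with the requirements.
Get-NetFirewallRule -DisplayName 'DeviceLock consolidation*' |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
```

Run the script on both the on-premises and cloud computers, since the requirement applies to each of them.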
In this appendix, we assume that DeviceLock Enterprise Server is already installed, up and running on both the on-premises and cloud computers. Our objective is to make the on-premises DeviceLock Enterprise Server a remote consolidation server for the DeviceLock Enterprise Server running in the cloud. As a result, the cloud server will consolidate logs from the on-premises one. In the same way, you can configure log consolidation from multiple on-premises servers.
In addition, the configuration described here will enable the DeviceLock Management Console from the on-premises computer to connect and manage the cloud-based DeviceLock Enterprise Server.