SureSync MFT Endpoint Evaluator's Guide

This guide will walk you through the configuration of the Endpoint component for SureSync MFT.

Table of Contents

1. Introduction
2. Contact Information
3. Our Scenario
4. Endpoint Licensing
5. Creating the Workstation Computers
6. Creating an Endpoint Group
7. Creating an Endpoint Job
8. Changing Endpoint Job Settings
9. Client Deployment and Configuration
10. Enable the Endpoint Job Group
11. Viewing Endpoint Status

Introduction

In the modern workplace, employees are becoming increasingly mobile. When an IT administrator needs to synchronize / replicate files with workstations and laptops, a great deal of flexibility is required.

SureSync Managed File Transfer (MFT) provides a comprehensive and flexible feature set that allows you to manage data flow to these types of machines. Workstations can be added as paths in standard MFT Jobs and controlled entirely from the server.

When end users need more control of the Job, Endpoint can be deployed. Endpoint Jobs are designed for remote workers where the machines have dynamic IP addresses, are behind firewalls that you do not control, or where the user needs control to stop/start the Job and review status.

This document assumes you have reviewed the main SureSync MFT Evaluator’s Guide to complete the initial setup. This guide will walk you through configuration of an Endpoint Job within SureSync MFT.

Contact Information

Please contact our support team for further information about SureSync MFT or clarification on anything within this guide. They will be happy to assist with your evaluation.

Software Pursuits, Inc.

140 Chestnut Ln

San Mateo, CA 94403

Phone: +1-650-372-0900

Fax: +1-650-372-2912

Sales e-mail: sales@softwarepursuits.com

Support e-mail: support@softwarepursuits.com

Technical support is available between 7:00AM and 4:00PM PST Monday through Friday.

Endpoint Architecture

SureSync MFT allows data to be processed in a highly flexible manner. By default, the MFT Hub will attempt to make all necessary connections to remote Communications Agents. This works perfectly for machines within your own network where you have control of IP addresses, DNS names, and firewalls.

MFT can be configured to instruct a remote Communications Agent to establish the connection back to the Hub. This allows remote computers with dynamic IP addresses or firewalls that cannot be changed to still connect to the MFT Hub to process necessary Jobs. Endpoint uses this type of connection.

On the server side, a machine has SureSync MFT installed and is configured as a Hub. On this machine, you will use the SureSync MFT Desktop to configure the Endpoint Jobs.

On each remote machine, the Endpoint Client is installed. The client resides in the system tray of the computer and can be used to stop/start Jobs, view status, and view the log. These remote agents create the necessary connections to the Hub, and the Hub processes the appropriate Job(s) assigned to the machine in question.

If the end users do not need access to the status for the Jobs or the ability to enable/disable Jobs, a Communications Agent can be installed and configured using the same type of connection to provide the same functionality minus the user interface for the client.

Since the client establishes all connections to the MFT Hub, there is no need for complex dynamic name resolution for the clients.

Our Scenario

 This Evaluator’s Guide will walk you through a sample configuration of SureSync MFT Endpoint. The scenario covered in this guide involves a Windows 2019 R2 server and two laptops running Windows 10. A diagram of the scenario is presented below. 

In the example, the server will be a destination, and the laptops will send data to the server.

Endpoint Licensing

Endpoint functionality is included with the SureSync MFT workstation license.

Creating the Workstation Computers

The first step in configuring Endpoint is to add the relevant workstations into the MFT environment. To do so, click on the Computer button in the MFT Desktop ribbon bar.

Enter the workstation’s NetBIOS computer name into the ‘Computer Name’ field.

Creating the Workstation Computers

The first step in configuring Endpoint is to add the relevant workstations into the MFT environment. To do so, click on the Computer button in the MFT Desktop ribbon bar.

Enter the workstation’s NetBIOS computer name into the ‘Computer Name’ field.

Click ‘Next’ to continue.

Click on the ‘Set Credentials for Accessing this Agent’ button.

Provide an administrator level local account on the workstation. This should be formatted .\username. This account will be used for file access on the workstation. It is recommended to use a custom administrator account with a strong password.

Click the ‘Save’ button to save the credentials.

If you want the workstation to create the connection back to the MFT Hub, uncheck the “Hub can initiation connection’ option. Otherwise, the MFT Hub will attempt to establish connections.

Click ‘Next’ to continue. 

Click the ‘Finish Server’ button to finish adding the machine.

Creating an Endpoint Group

The next step is to create an Endpoint Group. To create an Endpoint Group, click on the Endpoint Group icon () in the SureSync MFT Desktop ribbon bar.

Provide a name for your Endpoint Group in the first panel of the wizard and click ‘Next’ to continue.

On the next panel, you define the server path for the Jobs that will be created under this group. The server path can be the MFT Hub or any other Communications Agent defined in your MFT database. The server path can be a source, a destination, or both (multi-directional synchronization).

In this example, the server will be the destination. We also want to store the data from each incoming machine into its own folder. We will use the %ClientComputer% variable. This will create a subfolder in the root path with the name of the client computer sending the files for each computer that connects.

For our example, the server path will be a destination is D:\MFT Test Folders\Endpoint Destination\%ClientComputer%.

Click “Next” to continue.

The final panel defines the scheduling to be used for the Jobs added to this Endpoint Group. By default, “Always On” is selected, which processes data in real-time as changes occur. For this example, we will use the default.

Creating an Endpoint Job

The next step in configuring SureSync MFT Endpoint is to create an Endpoint Job. The Job will define the computers involved in the synchronization process.

To create the Job, click on the Example Endpoint group created in the previous step. Click on the ‘Create Endpoint Job’ tab.

Click on the ‘Add Endpoint Jobs’ button.

On the panel that loads, select the workstation from the Client Machine drop-down.

In the ‘Client Root Path’ key in the path on the workstation. For this example, we are using C:\EndpointSource.

Click the ‘Add Endpoint Job’ button to create the Endpoint Job.

Changing Endpoint Job Settings

The Endpoint Job is configured with a basic set of default settings. The one-way Rule used is a Mirror and the multi-way Rule used is a Multi-Mirror.

You may want to make additional changes to the configuration of your Job. For example:

• Include or exclude specific folders, files, or file extensions.
• Enable Advanced Open File Support
• Change the Rule Types used

All of this is done in the property sheets for the Endpoint Job.

Pressing the F1 key on each of the tabs will launch context sensitive help explaining the options that are available to you.

Client Deployment and Configuration

The installer for the SureSync MFT Endpoint Client can be downloaded here.

On each client, execute ssmftendpoint.exe and follow the on-screen prompts. The installer is a standard Windows installer. You can distribute the setup using any existing deployment solution available on your network. A silent command line installation is available using the /s switch.

Each Endpoint Client must be configured with the connection details necessary to reach the MFT Hub. When the client software is launched, it will connect to the server and start processing data.

Step 1: Configure the First Endpoint Client

The configuration information defined on one Endpoint Client machine can be easily distributed to other clients. The first step is to install the Endpoint Client on a machine and complete the configuration.

When the Endpoint Client is launched for the first time without a configuration, you will receive the following message:

Clicking “OK” will launch the Client Connections panel used to define the connection used by the Endpoint Client to reach the server for Job configuration retrieval.

Click the “Add New Machine” button.

In the ‘Add Communications Agent’ dialog box, enter the NetBIOS computer name of the MFT Hub in the ‘Computer Name’ field.

Enter a public IP address or DNS name that the workstation can reach the MFT Hub via in the ‘Access Name’ field.

If the Endpoint machines in your environment will be roaming from network to network, you must use either a public IP address or a publicly resolvable DNS name to configure the Endpoint Client to use to reach the Hub server. If there is a firewall, you must configure port forwarding to send the TCP 7033 port traffic arriving at that IP/DNS name to the correct server in your internal network. 

Click the “Save New Computer” button.

The resulting configuration generated after clicking the ‘Save New Computer’ button is fully functional with the default settings.

This default configuration has two connections. The first connection is on TCP 7033 and is encrypted with TLS with Certificate. This connection is used for data transfer. The second connection is TCP 7033 and is encrypted with Basic256. This connection is used for status and configuration transfer.

You can use the “Test This Connection” button to ensure that Endpoint Client is able to reach the server. Both connections must test successfully for Endpoint to function correctly.

If the Access Name you provided does not work, you can change it in the “Access Name” field here. Both connections must use the same Access Name. 

Step 2: Distribute Configuration File to other Endpoint Clients (optional)

Once you have configured an Endpoint Client, you can distribute the same configuration to other machines easily. In C:\Users\Public\Software Pursuits\SureSync MFT1 you will find a file named MFTEndpoint.xml. This file contains all the server configuration information.

To configure a second machine to use the same server connection, simply install the SureSync MFT Endpoint Client and copy the MFTEndpoint.xml file into C:\Users\Public\Software Pursuits\SureSync MFT1 before launching the application. If the application is already open, close it before copying the xml file into the directory and launch it again.

Enable the Endpoint Job Group

Once you’re ready to begin processing, you must enable the Endpoint Job Group. This is done in the SureSync MFT Desktop by clicking on the Job Group, unchecking ‘Disable all processing for this Group’ and clicking apply. 

Once the Endpoint Group is enabled, processing will begin.

Viewing Endpoint Status

The status of the Endpoint Jobs can be viewed both on the server side and the client side.

To view Status of a specific Job in the SureSync MFT Desktop, click on the Job and then click on the Detail Status button in the ribbon bar.

On the client side, if you launch the Endpoint tray application, there will be a ‘Display Status’ button. The end user can also disable/enable Jobs assigned to their computer from here.