Version 6.30
Reference architectures

Overview

Installing Nexthink requires making architectural decisions about the location of the Nexthink components and their connectivity. The choice of a particular architecture depends mainly on the geographical distribution of the assets and the network topology of an organization. Whereas global organizations have assets distributed all over the world, with regional offices typically interconnected through dedicated lines or VPN technology, local organizations have all or most of their assets placed in a single location and connected to a single LAN. The appropriate architecture for each type of organization will thus be different, although some basic architectural principles stay the same for all kinds of installations.

To help you choose the right architecture for your organization, consider the following factors and possible scenarios:

  1. Location and connectivity of Appliances

    • Appliances are placed in one location on premises (recommended).

      • Appliances can connect to the Internet (recommended online installation).

      • Appliances have no access to the Internet (offline installation).

    • Appliances are in several geographically dispersed locations on premises (not recommended).

    • Appliances are located in external data centers (cloud installation).

  2. Location, connectivity and total number of Collectors

    • Collectors in the intranet.

    • Roaming Collectors on the Internet (home office, travelling, etc.).

      • Connected through VPN or similar (including Microsoft Direct Access or Always On VPN).

      • With no VPN connection.

  3. Data anonymization

    • Anonymized analytics.

    • GDPR compliance.

  4. Integrations

    • Integrations inside the intranet (e.g. SCCM, SMTP, Active Directory).

    • Integrated software on the Internet (e.g. cloud services such as ServiceNow).

While an exhaustive description of all the possible combinations is beyond the scope of this article, we present below a set of reference architectures on which you can base your own deployment. Choose the reference architecture that best suits your specific setup.

Basic architectural principles

Once the hardware requirements for running Nexthink are met, the quality of the network connections between the different Nexthink components mainly determines the overall performance and responsiveness of a Nexthink setup. For architectural purposes, we can classify these connections according to the communicating Nexthink components:

  • Nexthink visualization and query tools with the Nexthink Appliances:

    • Finder to Portal and Engines.

    • Browser (web front-end) to Portal.

  • Among Nexthink Appliances themselves:

    • Portal to Engine.

    • Engine to Engine.

  • Collector with Nexthink Appliances:

    • Collector with Engine (UDP and TCP connection)

    • Collector with Portal (TCP connection, if rule-based Collector assignment is used)

With the introduction of the Cross-Engine features in V6.19, good connectivity between the Finder and the Nexthink Appliances, and between the Appliances themselves, has become fundamental to offer Nexthink users a satisfactory experience. Apply the following recommendations, especially when using the Cross-Engine features:

  • Place all your Nexthink Appliances in the same data center. If this is not possible, ensure that the connectivity between the Portal and the Engines is equivalent to that of a local network.

  • Ensure good connectivity between the Finder and the Nexthink Appliances, both Portal and Engine.

The rationale for these recommendations in Cross-Engine scenarios is the following:

  • All the queries from Finder that require an answer from multiple Engines are routed through the Portal, which gathers and merges the responses of every Engine.

  • The slowest of the connections between the Portal and the Engines determines the overall query time (the Portal waits up to 3 minutes for the Engines to respond).

  • Finder users will face responsiveness issues and suffer long waiting times if the communication with the Portal and the Engines is not fluid, which leads to a poor user experience.

For their part, the connections between the Collectors and the Appliances are much less demanding in terms of network bandwidth and latency. Therefore, the main concern is to ensure that Collector data reach their intended destination through the network:

  • Ensure that Collectors can reach their corresponding Engine and, if rule-based Collector assignment is used, that Collectors can reach the Portal as well.

    • Configure firewalls and proxies appropriately so they do not block the Collector communications.

  • Avoid fragmentation of UDP traffic, as it may cause significant loss of Collector data.

Global organizations

Global organizations extend over several locations in different countries. To create a private network over a wide area, the local area networks of a global organization are connected through dedicated lines or, more often, through VPN technology. A Virtual Private Network (VPN) enables devices and servers in distant places to connect through shared or public networks as if they were all directly connected to a single local network.

The reference architecture for a global organization looks as follows:

The key points of the reference architecture for global organizations are the following:

  • All Nexthink Appliances, whether physical or virtual, reside in the same data center.

  • Multiple Engines are required, as global organizations typically deploy a large number of Collectors.

  • Regional offices are interconnected to form a single private network (through VPN in the example figure).

  • The IT department (Finder and Portal users) is preferably located next to the Nexthink Appliances to have good connectivity.

    • Using the Finder from a distant regional office is still possible, although the Finder may lose responsiveness if connectivity is not good (Finder icon displayed dimmed in the example figure).

  • Remote Collectors connect to the global private network through the Internet (using VPN client technology in the example figure).

Appliances in different locations

If for some reason you really need to have Appliances distributed among different locations, place the Portal in the office with the highest number of end-user devices or Engines (generally these two numbers go hand in hand), or with the highest number of Finder users.

The connection between offices should offer enough bandwidth and low latency for Nexthink users to work comfortably with the Finder or with the Portal front-end while connected to the Engines or the Portal located in another office. Remember though that this is not the recommended architecture for global organizations, especially in the case that Cross-Engine features are enabled.

Regional and Local organizations

For regional organizations with several data centers, preferably place your Nexthink Appliances in the data center where most of your Finder users work. For local organizations that do not extend over several locations, all Nexthink Appliances are naturally placed together in the same data center.

Small local organizations

For setups with fewer than one thousand end-user devices, it is possible to host both the Portal and the Engine in a single appliance, as depicted below.

Remote or roaming devices

When the end-user devices and the Nexthink Appliances are in the same intranet, every machine can directly reach each other over the network: Collectors can talk to their assigned Engine and, in turn, Engines can communicate with the Portal because they all reside in the same intranet.

Whether the intranet is implemented as a Local Area Network (LAN) in a single office or as a Wide Area Network (WAN) extending over several regional offices is probably important for network performance, but irrelevant to our discussion. Nor does it matter whether the Nexthink Appliances are deployed on physical or virtual servers. The most important property for a simplified deployment is to have direct connectivity among computers, as is the case in an intranet.

Regardless of the size of an organization, it is common these days to have employees working from remote locations. The reasons may vary: home office, commuting, visiting customers, etc. When an end-user device is outside the corporate network, the Collector running on the device may lose the connectivity to its assigned Engine, as the Engine is usually not reachable through the Internet for security reasons. If the Collector cannot reach the Engine, activity information is irremediably lost while the device is roaming.

Running VPN client software

One way to keep the Collector connected to the Engine is to run VPN client software on the roaming device so that it always stays connected to the corporate network, even when the device is out of the office. Of course, the use of VPN client software in your roaming devices requires that you have a VPN infrastructure ready in your corporate network. Establishing a VPN connection is the preferred solution to deal with roaming devices if you already use VPN technology.

Forwarding UDP Collector traffic

In Nexthink, the last IP address of a device is determined by the source address of the UDP datagrams that it sends to the Engine. While roaming without a VPN, however, a device is usually behind a NAT router that hides the private IP address assigned to the device. Moreover, the redirection service can modify the source IP address in the UDP datagrams of roaming devices, so they can be redirected to the intranet without being rejected. This has implications on how devices are assigned to entities and Engines depending on whether devices are roaming or not. Contact the Customer Success Services of Nexthink to find out the best configuration possible for your particular case.

Starting from V6.21, the redirection service can deal with data sent through either the UDP or the TCP channel of the Collector, but it exclusively handles the end-user data part of the TCP channel. Therefore, features such as Engage, Act or the automatic updates, which are sent through the TCP channel, do not work for roaming devices with the redirection service. If you need these features to work on roaming devices, prefer a VPN solution or configure a TCP reverse proxy as indicated in the next section.
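The redirection setup for roaming Collectors depends on the rule, stated on this page, that the Collector assigned Engine and the External DNS name of the Engine are DNS names rather than IP addresses, and that the redirecting Appliance is published on the Internet under the same name as the Engine in the intranet. The following is an added example, not Nexthink tooling: a pre-deployment audit of a planned configuration. The field names and the two DNS views are constructed for illustration, and the RFC 1918 check on the external answer is an added sanity check that the page does not state.

```python
import ipaddress
from dataclasses import dataclass, field

# Private IPv4 ranges that a roaming device on the Internet cannot route to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_ip_literal(value):
    """True when value is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(value.strip().strip("[]"))
        return True
    except ValueError:
        return False


def normalize(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.strip().rstrip(".").lower()


@dataclass
class RedirectionPlan:
    # All field names are hypothetical; they model settings named on the page.
    collector_engine_address: str   # Engine the Collector is configured to point to
    engine_external_dns_name: str   # "External DNS name of the Engine"
    redirector_public_name: str     # Internet-facing name of the DMZ Appliance
    internal_dns: dict = field(default_factory=dict)  # name -> address, intranet view
    external_dns: dict = field(default_factory=dict)  # name -> address, Internet view


def audit(plan):
    """Return a list of (code, message) findings; an empty list means the plan passes."""
    findings = []
    for setting, value in (
        ("collector_engine_address", plan.collector_engine_address),
        ("engine_external_dns_name", plan.engine_external_dns_name),
    ):
        if is_ip_literal(value):
            findings.append(("IP_LITERAL",
                             f"{setting}={value}: use a DNS name, not an IP address"))

    engine_name = normalize(plan.collector_engine_address)
    if is_ip_literal(engine_name):
        return findings  # no name to compare or resolve

    if normalize(plan.redirector_public_name) != engine_name:
        findings.append(("NAME_MISMATCH",
                         f"redirector is published as {plan.redirector_public_name}, "
                         f"but Collectors point to {engine_name}"))

    internal = {normalize(k): v for k, v in plan.internal_dns.items()}
    external = {normalize(k): v for k, v in plan.external_dns.items()}
    if engine_name not in internal:
        findings.append(("NO_INTERNAL_RECORD",
                         f"{engine_name} does not resolve inside the intranet"))
    if engine_name not in external:
        findings.append(("NO_EXTERNAL_RECORD",
                         f"{engine_name} does not resolve on the Internet"))
    else:
        addr = ipaddress.ip_address(external[engine_name])
        if any(addr in net for net in RFC1918):
            findings.append(("EXTERNAL_IS_PRIVATE",
                             f"Internet view returns private address {addr}"))
    return findings


def codes(plan):
    return [code for code, _ in audit(plan)]


# Constructed sample plans (example.com names and documentation addresses).
GOOD = RedirectionPlan(
    collector_engine_address="engine01.corp.example.com",
    engine_external_dns_name="engine01.corp.example.com",
    redirector_public_name="Engine01.corp.example.com.",
    internal_dns={"engine01.corp.example.com": "10.20.0.15"},
    external_dns={"engine01.corp.example.com": "203.0.113.10"},
)
IP_CONFIGURED = RedirectionPlan(
    collector_engine_address="10.20.0.15",
    engine_external_dns_name="engine01.corp.example.com",
    redirector_public_name="engine01.corp.example.com",
)
MISNAMED = RedirectionPlan(
    collector_engine_address="engine01.corp.example.com",
    engine_external_dns_name="198.51.100.7",
    redirector_public_name="redirect.example.com",
    internal_dns={"engine01.corp.example.com": "10.20.0.15"},
    external_dns={"redirect.example.com": "203.0.113.10"},
)
LEAKED_PRIVATE = RedirectionPlan(
    collector_engine_address="engine01.corp.example.com",
    engine_external_dns_name="engine01.corp.example.com",
    redirector_public_name="engine01.corp.example.com",
    internal_dns={"engine01.corp.example.com": "10.20.0.15"},
    external_dns={"engine01.corp.example.com": "10.20.0.15"},
)

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("IP_CONFIGURED", IP_CONFIGURED),
                        ("MISNAMED", MISNAMED), ("LEAKED_PRIVATE", LEAKED_PRIVATE)):
        print(label, audit(plan) or "ok")
```

In a real audit, the two DNS views would be filled from queries against an internal resolver and a public resolver for the same name.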

Forwarding TCP Collector traffic

Starting from V6.21, if all your Collectors send all their data through the TCP channel only, you do not require the redirection service (Nxredirect) to be running on the Appliance, as no UDP traffic is sent and the reverse proxy configuration is able to redirect the full TCP channel of the Collector.

Connection to online services

Independently of your particular setup and the reference architecture that you choose, the deployed Nexthink Appliances must connect to the online services provided by Nexthink to receive updates, get security information about binaries and domains, and validate their licenses.

Moreover, the Appliances optionally connect to NTP servers to synchronize their clocks. By default, the Appliances that run the Portal or the Engine connect to the default ntp.org servers. Change the configuration in the Web Console if you prefer to synchronize with NTP servers that are geographically closer to your Appliances, or even located within your own corporate network.

In addition to the Nexthink Appliances, the device that runs the Finder must have access to the Nexthink online services to download library packs from the Nexthink Library.

Offline Nexthink Appliances

In setups with special security concerns, Nexthink Appliances have no direct connection to the Internet. To update your offline Appliances, mirror the Nexthink repository in a server under your control and then apply the updates to the Appliances.

Because mirroring the Nexthink repository requires a formal agreement with Nexthink, contact your Nexthink representative or Customer Success Services to proceed with this method and get technical assistance.


Use either VPN technology or traffic redirection for Collectors that are not directly connected to the same network as the Appliances.

Depending on the total number of deployed Collectors, install one or several Engines and one Portal on separate physical or virtual appliances and federate your secondary Appliances (Engines) with the primary (Portal).

For instance, if you have Microsoft DirectAccess (for Windows 7 clients) or Always On VPN (for Windows 10 clients) or any other VPN technology, benefit from it to keep the Collector connected to the Engine on roaming devices. Remember to configure your Nexthink setup to support DirectAccess if you use this particular solution.

See the diagram on global organizations for an example of roaming devices connected through VPN.

As an alternative to VPN technology, configure a Nexthink Appliance to forward Collector traffic to your Engines. The redirection service is a feature in the Engine Appliance that lets you forward UDP traffic from the deployed Collectors to one or more instances of the Engine, optionally anonymizing sensitive data on the fly.

To forward Collector traffic from the Internet to your corporate network, place the additional Engine Appliance in the DMZ and use it exclusively for redirection.

Because the Collector is configured to point to a specific Engine, the DNS name of the Appliance that performs the redirection in the Internet must match the DNS name of the Engine in the corporate intranet. It is therefore mandatory for this case to use DNS names and not IP addresses to configure the External DNS name of the Engine and the Collector assigned Engine. In this way, regardless of the device being inside the corporate intranet or out in the Internet, the Collector is pointing to the correct DNS name of the Engine.

To enable features such as the Engage or Act modules and the automatic updates on roaming devices that cannot connect through VPN, enable the TCP channel between the Collectors and the Engine by installing a reverse proxy in the same Appliance that redirects Collector traffic.

RELATED TASKS

  • Federating your Appliances
  • Redirecting Collector traffic
  • Redirecting the Collector TCP channel
  • Setting the names of the Engines
  • Enabling Cross-Engine Finder features

RELATED REFERENCES

  • Connectivity requirements
  • Support for DirectAccess