The GFI OneGuard Controller

The GFI OneGuard ControllerA GFI OneGuard component automatically discovers devices connected to the network, acting as a relay that channels communications between Agents and Platform. is an installable component of GFI OneGuard that manages communication between the PlatformThe main component of GFI OneGuard that connects all the services offered by the product and the database that stores all collected information. and AgentsA GFI OneGuard component that runs as a background service on target devices and handles the deployment of patches, service packs and software updates.. Its main roles are to execute network discovery and to relay instructions between the Platform and the Agents that it manages. It also caches and distributes virus definitions and patches to reduce bandwidth usage and costs between the Platform and the Agents.

Multiple GFI OneGuard Controllers

All network devices managed by GFI OneGuard must communicate with at least one GFI OneGuard Controller. In typical and small installations, the Controller is installed on the same machine as the GFI OneGuard Platform and is installed automatically when choosing Typical deployment type when running the installation wizard.

You may also have, however, other Controllers deployed over the network, with each Controller able to communicate with both the Platform and the devices that it manages. Multiple Controllers are required when:

• A company's network is segmented in a number of sub-networks, where sub-networks cannot communicate with each other. Multiple Controllers will be required to manage the communications with the Platform of each sub-network.
• The number of Windows devices to manage exceeds 1,000. Given that a single Controller is able to handle up to 1000 devices, multiple Controllers can increase the amount of managed devices. (Note that the Platform can only manage up to 10,000 devices)
• The network is segmented in different physical and geographical sites. A Controller is deployed at each site so that communications between the Controller and the Agents are done within each individual site, minimizing communications over the internet.
• Different areas of the network are managed by different user accounts, for example when having multiple domains or having a workgroup outside your domain. Each Controller can be configured to deploy agents using a particular user account. If there is no single account that can manage all the devices connected to a Controller instance, then you need to deploy multiple Controllers and configure a different user account on each Controller.

Installing the GFI OneGuard Controller

Controllers do not have to be installed on the same domain as the Platform and can be installed on a different site, domain or workgroup, as long as the Controller can be configured to communicate with the Platform. However, a Controller must always reside on a virtual or physical machine within the same network as the Agents connected to it.

The GFI OneGuard Platform and Controller components share the same installation file. Before starting the installation, confirm that the machine where you are going to install the Controller meets the following requirements:

Requirement	Description
Operating system	Install the GFI OneGuard Controller on any of the following 32-bit or 64-bit operating systems: Windows Server 2016 Essentials, Standard or Datacenter Windows Server 2012 R2 Essentials, Standard or Datacenter Windows Server 2012 Essentials, Standard or Datacenter Windows Server 2008 R2 Standard, Enterprise, Datacenter, or Itanium-based systems Windows Server 2008 Standard or Enterprise Windows 10 Pro or Enterprise Windows 7 Professional, Enterprise or Ultimate Windows Small Business Server 2011 Windows Essential Business Server 2008 Windows Small Business Server 2008
Microsoft .NET Framework 4.5.1	Automatically installed during setup. If automatic installation fails, download setup from: https://www.microsoft.com/en-us/download/details.aspx?id=40779
Network communications	The GFI OneGuard Controller can be installed on a physical or a virtual network that communicates with the Platform via an internal or external network. By default, Controller-Platform communications are done on port 80, or port 443 if using a secure connection. The Controller can also be configured to connect to the Platform via a proxyA server or software application used to control and filter Internet access. The correct proxy settings need to be set in GFI OneGuard to allow Internet access when a proxy is used..
AntivirusA software countermeasure that detects malware installed on a computer without the user's knowledge. and backup software	Antivirus and backup software may cause the Controller to malfunction. This occurs when such software denies access to certain files required by it. Disable third party antivirus and backup software from scanning the installation folder of the Controller, which by default is: ..\Program Files (x86)\GFI\OneGuard\ (on 64-bit systems) ..\Program Files\GFI\OneGuard\ (on 32-bit systems)

To install the Controller, run the GFI OneGuard installer and follow the wizard as described in this topic. When asked to choose the components to install, click Advanced and select Controller to install just the Controller.

Installing the Controller

When the installation is complete, the Controller is loaded and runs minimized in the system tray. If the Controller is installed on a different site, domain or workgroup than the Platform, additional configuration is required for the Controller to communicate with the Platform. For more information refer to Controller configuration.