Secure Configuration

Here is our recommended secure configuration for N-able N-central Report Manager.

Operating System (OS)

  • Install Microsoft Windows Server 2016 or 2019 Standard or Enterprise Edition.

    See:

    System Requirements

  • Enable the Windows Firewall. See the Network Security section below for details.

    Also see:

    Server Requirements

  • Install and configure an Anti-Virus (AV) product, such as N-able EDR or N-able AV Defender.

  • Install an N-central Agent onto the Report Manager system; N-central automatically recognizes Report Manager, and adds applicable health checking and monitoring services, Remote Control, and access to other tools remotely, such as deploying AV.

SQL Server

IIS

Application Security – Report Manager

  • Install using the Local Admin account or a domain account with local admin rights. DO NOT USE a domain admin account.

    NOTE: It is not necessary to join the Report Manager server to a domain. It is only required if optionally delivering Scheduled Reports to a file share, which requires a file share on the same domain, or if delivering Scheduled Reports via email and the environment requires domain-joined mail hosts.

  • After linking N-central as a datasource, disable the default reportsadmin account.

    See:

    Post Install Steps

Network Security

  • Do not expose Report Manager directly to the internet.

  • Create the following ACLs for communication with Report Manager:

    • Enable port 443 inbound to Report Manager from the local network only.

      Also, optionally allow access to 443 (HTTPS) from sites where users require access to generate reports, such as Client sites (geo-restrictions).

  • Enable port 1433 inbound to Report Manager from N-central. Report Manager should only accept this traffic from the N-central internet protocol (IP) address.

  • Optionally, block all access to Report Manager and use Remote Control via N-central to perform configuration/report generation.

  • Place N-central and Report Manager on an isolated or dedicated subnet.
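
The ACLs above, expressed as Windows Firewall rules and followed by an audit of what is actually allowed on ports 443 and 1433. This is an added example, not N-able's own script; the subnet, the IP address and the rule names are placeholders to replace, and it assumes an elevated PowerShell session on the Report Manager server.

```powershell
# Added example: Windows Firewall rules for the Report Manager ACLs listed above.
# Placeholder addresses (assumptions); replace with your own values.
$LocalSubnet = '10.0.10.0/24'   # local network allowed to reach HTTPS
$NCentralIp  = '192.0.2.10'     # N-central server address

# Enable the firewall on all profiles; inbound traffic without an allow rule is dropped.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# 443 (HTTPS) inbound from the local network only.
New-NetFirewallRule -DisplayName 'Report Manager HTTPS (local network)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 443 `
    -RemoteAddress $LocalSubnet | Out-Null

# 1433 inbound from the N-central address only.
New-NetFirewallRule -DisplayName 'Report Manager 1433 (N-central)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 1433 `
    -RemoteAddress $NCentralIp | Out-Null

# Audit: report every enabled inbound allow rule that names port 443 or 1433,
# with its remote scope. A rule scoped to 'Any' (for example a pre-existing
# rule) would still admit traffic from any source and defeat the ACLs.
$report = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $ports = @(($rule | Get-NetFirewallPortFilter).LocalPort)
    $hit   = $ports | Where-Object { $_ -in '443', '1433' }
    if ($hit) {
        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        [pscustomobject]@{
            Rule         = $rule.DisplayName
            Ports        = $hit -join ','
            RemoteScope  = $remote -join ','
            Unrestricted = $remote -contains 'Any'
        }
    }
}
$report | Sort-Object Unrestricted -Descending | Format-Table -AutoSize
```

Any row with Unrestricted set to True should be disabled or rescoped. Client sites that need report access can be appended to the 443 rule's -RemoteAddress list.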

System Auditing and Monitoring

  • Ensure that the recommended audit logs are enabled according to the Center for Internet Security (CIS) for Windows 2016/2019 and MS SQL 2017.

  • Ensure there is enough disk space for the audit logs. Audit logs can fill up an entire disk if they aren’t managed or rotated.

Data Encryption

Patching and OS updates

  • Ensure the OS is up to date with the latest Microsoft patches.

  • Ensure Microsoft patches are applied regularly and frequently, such as by using N-central’s Patch Management features.

System Backup

  • Ensure the system has an up-to-date backup, such as by using N-central’s MSP Backup features. Also, see the Install Guide or Online Help for details on configuring SQL Backups and a Maintenance Plan.

    See:

    Post Install Steps