Customer portal deployment
Posted: 17 Mar 09 7:19 AM
Hi,
We are very heavy support ticket users; last year we opened almost 20,000 tickets. We would love to start using the customer web portal, but there is a problem: the SLX security model goes against our corporate policy.
According to the deployment guide, the IIS server hosting the customer portal needs access to the Host database via ports 138, 139, 1433 and 1706; the host database resides on our LAN. Even though the IIS server sits on the DMZ, this architecture will not be permitted on our network. Has anyone looked into an alternative setup? Can the Remote Office Server sit on the DMZ next to the IIS server?
Thank you, Alex
Re: Customer portal deployment
Posted: 18 Mar 09 4:40 AM
If the system is "internal" then you'll be fine - this doc assumes the system sits outside your LAN. You will be fine with just port 80.
Re: Customer portal deployment
Posted: 18 Mar 09 6:57 AM
We were going to make the portal available on the internet. The security gurus are having an issue with the IIS server on the DMZ being able to connect to the HOST DB, which is on the LAN.
Re: Customer portal deployment
Posted: 19 Mar 09 10:06 AM
Hi Alex,
A few things (system-wise) will be required to connect from a DMZ. Ports are discussed after this.
1.) Create a local user on the External server that matches the name and password (exactly) of your domain\WebDLL user.
2.) Give the local\WebDLL user all of the required security rights that you would for any SLX web piece (check the implementation guide).
3.) Install the SLXOLEDB (I prefer to install this as the local\WebDLL to avoid any additional permission issues).
4.) Your Web Site and App Pool must be owned by the local\WebDLL user.
5.) Verify the local\WebDLL has full access rights to the Documents and Settings folders. It will need to read and write.
In simple terms: When you are outside of the domain (DMZ) you still need a user with the permissions to talk to the SLX Server that resides inside of the domain. Because you cannot pull your domain\WebDLL user over, you must make an equivalent user in your DMZ. Then when you need to pass or receive requests, the local\WebDLL user asks for permission to get information from your domain. Your domain (Windows) will run a Name and Password challenge (NTLM) to the user. The DMZ user will present the WebDLL name and password as the and should pass the authentication test if everything matches between the two sides.
Ports
Ports will have to be opened.
1.) 1706 so SLX can talk internally.
2.) 1433 this is for the SQLOLE to talk to the DB internally. 1433 is a default SQL port, but your company may use a different one for security purposes. Your Network gurus should be able to set the appropriate port.
Any other ports opened are for external access according to your web site specifics (i.e. port 80 is the default external access port).
I hope this helps!
Carla
Re: Customer portal deployment
Posted: 31 Mar 09 12:57 PM
Do you use attachments? Do you want your users to upload docs to the ticket? Then you should open 138/139 or some other incoming ports as well, which your admin is most probably not going to allow. In that case, do not release that attachment form.
All the rest of these connectivity issues can be resolved by creating the necessary firewall rules.
And the remote office server sits in a REMOTE office, which is not in the Host office network anyway, right?
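
An added example, not part of any post in this thread: a small audit of DMZ-to-LAN firewall rules against the ports the replies name (1706 and 1433 as required, 138/139 only when the attachment form is released). The addresses, rule names and rule format are assumptions constructed for illustration.

```python
from ipaddress import ip_network

# Constructed addresses (assumptions, not from the thread).
DMZ_WEB = ip_network("192.0.2.10/32")   # IIS portal server in the DMZ
SLX_HOST = ip_network("10.0.0.20/32")   # SLX server / host DB on the LAN
LAN = ip_network("10.0.0.0/24")
REQUIRED = {1706, 1433}                 # SLX and SQL ports named in the thread
NETBIOS = {138, 139}                    # named in the thread for attachments

# Constructed sample rules: (name, source, destination, port, action)
RULES = [
    ("slx-server", "192.0.2.10/32", "10.0.0.20/32", 1706, "allow"),
    ("sql",        "192.0.2.0/24",  "10.0.0.20/32", 1433, "allow"),
    ("netbios",    "192.0.2.10/32", "10.0.0.0/24",  139,  "allow"),
    ("default",    "0.0.0.0/0",     "0.0.0.0/0",    0,    "deny"),
]

def audit(rules):
    """Return (rule_name, finding) pairs for allow rules that reach the LAN."""
    findings, covered = [], set()
    for name, src, dst, port, action in rules:
        src, dst = ip_network(src), ip_network(dst)
        if action != "allow" or not dst.overlaps(LAN):
            continue
        if src != DMZ_WEB:
            findings.append((name, "source is wider than the portal server"))
        if dst != SLX_HOST:
            findings.append((name, "destination is wider than the SLX host"))
        if port in NETBIOS:
            findings.append((name, "NetBIOS port open; needed only for attachments"))
        elif port not in REQUIRED:
            findings.append((name, "port not named in the deployment notes"))
        # A rule counts toward a required port only if it covers web -> SLX host.
        if src.supernet_of(DMZ_WEB) and dst.supernet_of(SLX_HOST):
            covered.add(port)
    for port in sorted(REQUIRED - covered):
        findings.append(("(missing)", f"no allow rule for required port {port}"))
    return findings

if __name__ == "__main__":
    for rule, finding in audit(RULES):
        print(f"{rule}: {finding}")
```
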