Thanks Rick. Now I understood the networking part involved. I think now I can talk to my network team and get it resolve this after enabling ssl encryption in midtier.
Thanks Jason for your input for SSL enabling. -- Sandeep Pandey Remedy Developer On Thu, May 16, 2013 at 12:18 AM, Rick Westbrock <rwestbr...@qmxs.com>wrote: > ** > > Depending on how the company handles DNS you may need to add an external > DNS entry to point to the server or possibly just enable external > advertisement of an existing DNS record. Depending on your network > architecture you may need to add a NAT and/or PAT translation on the > firewall in addition to opening the ports. If you are using an RFC-1918 > private address for the server then a NAT translation will be required but > if not then you should just need to allow the ports. Your network security > team may be taking care of all this for you in the background but I thought > it was worth mentioning. Hopefully for security reasons your public > mid-tier server doesn’t have a public IP address (at least that’s my > opinion).**** > > ** ** > > Personally I prefer using a private IP on the mid-tier server and putting > it into a DMZ, then allowing the required back-end ports through the > firewall to the application server which would live in the secure zone > behind the firewall. You could even run a separate mid-tier server in the > secure zone for internal users so that they don’t have to bounce into the > DMZ; going that route you would probably want to use the same DNS name but > associate it to a different IP for internal versus external DNS.**** > > ** ** > > ** ** > > -Rick**** > > ** ** > > ___________________________**** > > Rick Westbrock**** > > QMX Support Services**** > > ** ** > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *Sandeep Pandey > *Sent:* Wednesday, May 15, 2013 8:06 AM > *To:* arslist@ARSLIST.ORG > *Subject:* Re: Midtier over Internet**** > > ** ** > > ** **** > > Thanks Jason.**** > > I have opened port already 8080. Do we mention ssl encryption during > installation or we can do later after doing configuration setting change in > midtier?**** > > How to check? Is that https rather than http? > > Sandeep Pandey > Remedy Developer**** > > ** ** > > On Wed, May 15, 2013 at 8:21 PM, Jason Miller <jason.mil...@gmail.com> > wrote:**** > > ** **** > > You only need to open the port for the web server to the World (usually 80 > or 8080 or 8443 or 443). I strongly recommend using SSL encryption if you > are not already (I recommend it for internal only access as well).**** > > Jason**** > > On May 15, 2013 7:43 AM, "Sandeep Pandey" <sandeep.rem...@gmail.com> > wrote:**** > > ** **** > > Dear List,**** > > ** ** > > I have installed Midtier and ARS in single box and remedy web page > correctly functioning in Intranet network having firewall.**** > > Will it work over the Internet outside the Intranet if firewall setting we > remove? Or any thoughts? > **** > > Do we have any other settings related to firewall from the ARS > application/mid tier side if we disable/enable firewall?**** > > ** ** > > Web Server Information: Apache Tomcat/6.0.20**** > > ARS 7.6.04 SP4**** > > > -- > Sandeep Pandey > Remedy Developer **** > > _ARSlist: "Where the Answers Are" and have been for 20 years_ **** > > _ARSlist: "Where the Answers Are" and have been for 20 years_ **** > > > > > -- **** > > _ARSlist: "Where the Answers Are" and have been for 20 years_ **** > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
