Customers
User information
 Loading ...
Show article in Knowledge Base

 How do I configure VisionProject to work in our DMZ? Export knowledge base Export     SubscribeSubscribe      Show article info

The normal way to set up VisionProject (VP) in a corporate environment would be to :

 

  • Place the VisionProject application/web server in the DMZ behind the first firewall
  • Place the database server behind the 2nd firewall. Open up the correct TCP/IP port such as 1433 and connect VisionProject to it through the firewall.
  • Place the SAN/NAS (file storage) behind the 2nd firewall. Open up the correct TCP/IP port (445) for CIFS and mount the file share as a local drive (such as e:\) on the VisionProject application server and configure the VisionProject server accordingly. (Please note that if the app server has NBT enabled, it will always try to connect to the SAN/NAS both using port 139 and 445 simultaneously. However, if the client has NBT disabled, it will always connect to the server at port 445 only.). For simplicity, you can start by opening all related ports (137,138, 139 and 445) and then limit them one by one.
  • Also limit access from the VisionProject server to the AD/LDAP server (usually using port 389 or 636)

 

Option 1, below you'll see a very simple schematic view of this setup

 

Knowledge Base Images/Technical/setup_advanced.jpg 

Option 2, another even more secure solution is visualized below.

Knowledge Base Images/Installation/setup_advanced_en.png

  • In the solution above you place the proxy server in the DMZ between the first and second firewall. In the first firewall you need to make sure the TCP/IP ports 80 and 443 are open
  • Place the VisionProject application/web server in the DMZ behind the second firewall. In the second firewall you need to make sure you open the TCP/IP port 8080 to allow traffic between the application servers and the proxy server
  • Place the database server behind the 2nd firewall. Open up the correct TCP/IP port such as 1433 and connect VisionProject to it through the firewall.
  • Place the SAN/NAS (file storage) behind the 2nd firewall. Open up the correct TCP/IP port (445) for CIFS and mount the file share as a local drive (such as e:\) on the VisionProject application server and configure the VisionProject server accordingly. (Please note that if the app server has NBT enabled, it will always try to connect to the SAN/NAS both using port 139 and 445 simultaneously. However, if the client has NBT disabled, it will always connect to the server at port 445 only.). For simplicity, you can start by opening all related ports (137,138, 139 and 445) and then limit them one by one.
  • Also limit access from the VisionProject server to the AD/LDAP server (usually using port 389 or 636)

User comments
 Loading ...