Has anybody got experience in installing Metastorm in a DMZ?

Hi,

We are investigating installing MBPM in our DMZ to enable our foreign partners to perform their duties on the processes. Has anybody done this before?

Regards,
Jacques

Comments

  • Hi Jacques

    I am an Architect within OpenText. After spending several years in Professional Services, I have certainly done this.

    We have installed the Metastorm Web Client in the DMZ for this purpose on several deployments. It's a case of only installing the MBPM Web Client in the DMZ and providing a suitably configured EngineServiceConfig.xml on the DMZ machine that points at MBPM Engines on the internal network via a firewall on a suitable protocol and ports. Depending on your deployment circumstances, an additional SAP file might be needed for authentication of Trusted Users, etc.

    Optionally, the DMZ MBPM Web Client can offer a different authentication mechanism to the internal MBPM Web Client, e.g. internally it could be SSO/Integrated Windows Authentication and in the DMZ it could be Forms Authentication.

    Aside from the technical aspects, in this scenario, full user licensing would still apply to any partner users that used the product.

    I hope that answers your question in a generic way, without going into too much detail about the insides of your network.

    If you would like me to contact you directly to discuss further, I am happy to. I have your contact details, so just let me know.

    Regards

    James Meen,
    OpenText

  • Hi James,

    Thank you for the answer. The trick with us lies with the custom forms deployed by Assure that mean we require access to SQL from the DMZ, which we are loath to do (for obvious reasons). Have you had any experience with that scenario?

    Regards,
    Jacques

  • You are correct: within Assure there are web forms external to MBPM that make direct queries to SQL Server. So for Assure, you'd need to allow access from the DMZ to the internal SQL Server. You would not need to allow SQL access from the external/outside/partner networks to the DMZ/internal network though.

    Regards

    James, OpenText
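
The zone policy described in this thread, written as an audit over firewall allow rules. This is an added example, not part of the original posts or any OpenText tooling; every address and port is constructed (the engine port is a placeholder, and 1433 assumes SQL Server's default port).

```python
from ipaddress import ip_network
from typing import NamedTuple

# Constructed addressing and ports; none of these values come from the thread.
INTERNAL = ip_network("10.0.0.0/16")
DMZ = ip_network("192.168.50.0/24")
WEB_CLIENT = ip_network("192.168.50.10/32")  # DMZ host running the MBPM Web Client
ENGINE = ip_network("10.0.1.20/32")          # internal MBPM Engine
SQL_SERVER = ip_network("10.0.2.30/32")      # internal SQL Server queried by the Assure forms
WEB_PORT = 443      # assumed HTTPS listener for partners
ENGINE_PORT = 8443  # placeholder: the thread only says "suitable protocol and ports"
SQL_PORT = 1433     # SQL Server default TCP port, assumed unchanged
# The only DMZ-to-internal flows the thread calls for.
ALLOWED_INBOUND = {(WEB_CLIENT, ENGINE, ENGINE_PORT), (WEB_CLIENT, SQL_SERVER, SQL_PORT)}

class Rule(NamedTuple):
    src: str   # source CIDR of an "allow" rule
    dst: str   # destination CIDR
    port: int  # destination TCP port

def zones(net):
    """Return every zone a CIDR touches, so broad 'any' rules are not missed."""
    touched = {name for name, zone in (("internal", INTERNAL), ("dmz", DMZ)) if net.overlaps(zone)}
    if not (net.subnet_of(INTERNAL) or net.subnet_of(DMZ)):
        touched.add("external")
    return touched

def audit(rules):
    """Return (rule, reason) for each allow rule that breaks the zone policy."""
    findings = []
    for rule in rules:
        src, dst = ip_network(rule.src), ip_network(rule.dst)
        src_zones, dst_zones = zones(src), zones(dst)
        if "external" in src_zones and "internal" in dst_zones:
            findings.append((rule, "external source reaches the internal network"))
        elif "external" in src_zones and "dmz" in dst_zones and (dst, rule.port) != (WEB_CLIENT, WEB_PORT):
            findings.append((rule, "external access to the DMZ beyond the web client"))
        elif "dmz" in src_zones and "internal" in dst_zones and (src, dst, rule.port) not in ALLOWED_INBOUND:
            findings.append((rule, "DMZ-to-internal flow outside the engine/SQL allowlist"))
    return findings

# Constructed sample ruleset: the first three rules match the thread, the last three do not.
SAMPLE_RULES = [
    Rule("203.0.113.0/24", "192.168.50.10/32", 443), Rule("192.168.50.10/32", "10.0.1.20/32", 8443),
    Rule("192.168.50.10/32", "10.0.2.30/32", 1433), Rule("203.0.113.0/24", "10.0.2.30/32", 1433),
    Rule("192.168.50.0/24", "10.0.0.0/16", 1433), Rule("0.0.0.0/0", "192.168.50.10/32", 1433),
]
```

`audit(SAMPLE_RULES)` flags only the last three rules: partner-to-SQL, a DMZ-wide rule into the internal network, and SQL exposed on the DMZ host to any source.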