 |
Considerations for Parallel Crystal behind a Firewall
Download PDF version of this faq: Firewall_Information.pdf
Issue: Most Dynalivery customers consider Parallel Crystal Report Server as an extension of their Web/Portal Servers and place them together on the same side of their firewall.
Options: In cases where this architecture is not practical, here are some options are available to you:
- Configure your firewall to pass traffic between the ip addresses of the Report Server and the Web/Portal Server.
- [Similar to other CORBA-based products, Parallel Crystal uses dynamically allocated ports. Therefore, it is not possible to secure the report server by a providing a range of ports which it *might* use. We are often asked this question. Sometimes we are asked if it is possible for customers to specify a large enough range of ports! We assure you that we have a researched this issue thoroughly and that the common security technique of specifying port ranges is not appropriate for Parallel Crystal. Thank you in advance for considering the other alternatives.]
- Intermediate Proxy Server for the report server.
- Demilitarized Zone (DMZ) for the report server.
- Virtual Private Network (VPN) for the report server. See the article "Cost effective solutions for protecting a single server," on Checkpoint Software's web site, http://www.checkpoint.com/products/vpn1/secureserver.html
To discuss security architecture in greater detail, please schedule a phone conference with Dynalivery's customer service department.
|
