E1 and Demilitarized Zone

gerd_renz3

VIP Member
Hi,
I installed E1 E900 in a DMZ (Demilitarized Zone) at a client. The servers are DEPServ, EServ, DBServ and WEBServ. The URL for connection is, for example, http://WEBServ:8083/jde/E1Menu.maf .

As all these servers are NOT visible from outside the DMZ (not by name nor by IP), the client created some URLs like

jde-dv.clientname.com
jde-py.clientname.com
jde-pd.clientname.com

to give access to his users. Now I have two questions:

1. the URL "jde-pd.clientname.com" is accessible from anywhere, even from outside the company. Is this not a security issue to publish the E1 login screen to the world?

2. When I access E1 with the URL "jde-pd/clientname.com" instead of "http://WEBServ:8083/jde/E1Menu.maf", should I expect future problems? Could E1 not reference its original name WEBServ any time, which then will not be visible for the user?

Thanks for any opinion.

Gerd
 
No answers so far ...

Has anybody seen an E1 installation similar to the one described above?
I am asking because my client claims that is is "state of the art security technology" and does not understand our concerns.
 
Do you have a sketch you can share?

All that really needs to be done is to put an HTTP server in the DMZ and punbh through just the appropriate holes in the firewall.

The client should also be using SSL.

You can have WAS reference any virtual host name. Really depends on if you're adding a virtual host or doing a redirect.

JDE has a document out there that tells people to do a redirect......this ain't so good and my preference is to add a virtual host. This avoids any visibility into the alternate url's.

Colin
 
Thanks Colin.

Do you know what this document is called or where I can find it?

I have been looking for something like that but have not found it.

Gerd
 
Back
Top