E8.12 Get IP Address of the Application Server/ Restrict Application Access

[Rauf]

Hi there !
Is there any way to get IP address of the application server when an application is loaded ?
Or is there any technique to allow an application to run only from a specific application server ?

 

[MFreitag]

Or is there any technique to allow an application to run only from a specific application server ?

Yes, just put in an OCM Mapping for the application. We do that e.g. with stuff that needs to run on a Windows Enterprise Server in an AS400 environment.

 

[Rauf]

Yes, just put in an OCM Mapping for the application. We do that e.g. with stuff that needs to run on a Windows Enterprise Server in an AS400 environment.

May I ask you for a sample ( I'm not that much in to CNC side).

 

[MFreitag]

Just noticed you said program - sorry. But you can still map a BSFN to a specific server, which might be enough for your use-case?

P986110|W986110B - where it currently says LOCAL could be your Enterprise Server.


There should be DEFAULT entries already:

 

[Rauf]

Great MFreitag. Thank you very much.
I have checked OCM. But we can override the data source. How about the application server ?
The test case is as follows:
User can only run the application P55TIME on the app server, say 190.150.0.1 but not from the app server 190.150.0.99

 

[MFreitag]

You have to get the BSFN Name from your copied/custom application, let's call it B550001 here.
Your record would look like this:
PD812 | B550001 | BSFN | AppServerName - Logic | *PUBLIC | AV | P

If you add an OCM mapping you can just use visual assist to find your application server - logic data source.

 

[Rauf]

In our set up, I could not see "AppServerName - Logic", but I see only "EnterpriseServer - Logic"

 

[MFreitag]

In our set up, I could not see "AppServerName - Logic", but I see only "EnterpriseServer - Logic"

"AppServerName" is basically a variable i used as i do not know your Enterprise Server names
Point it towards your Enterprise Server - Logic Data Source, whatever it might be called. "- Logic" is the important part.

 

[MFreitag]

Just to clarify (after a private message exchange): @Rauf is talking about their JAS Servers, so OCM won't help here

 

[Rauf]

Just to clarify (after a private message exchange): @Rauf is talking about their JAS Servers, so OCM won't help here

The "Work with Security History (P98OWSEC)" lists the Machine ( MKEY).
I guess the GetAuditInfo functions return this info.
I can use this field to restrict the application using NER. But this field sometimes shows App Server and sometimes Enterprise Server. Any idea how this is populated ?

Edit:
I have tested and found the below points
If the user have multiple roles,
- If the user select *ALL while sign in, it lists the App Server
- If the user select only a specific role, it lists the Enterprise Server.

If the user have only one role,
- The app lists Enterprise Server

Now, I need to get only the app server irrespective of the role selection. Any idea? ( I'm also researching...)

 

[MFreitag]

I honestly have no idea what you're trying to achieve here. Let's start the other way round: Why do you need User x to be on AppServer1 and User y to be on AppServer2?

 

[Rauf]

I honestly have no idea what you're trying to achieve here. Let's start the other way round: Why do you need User x to be on AppServer1 and User y to be on AppServer2?

I have sorted out this. The GetAuditInfo works fine right now. I will continue testing.

The idea behind the segregation is that AppServer1 is to be used locally and AppServer2 can be used remotely. I have some special apps to be accessed only locally.

 

[MFreitag]

In that case i'd probably go for a load balancer or http server to direct the traffic accoding to if a user is local or remote.