Access to E1 Application over internet

Dear All,

Please advice how do i securely give access to E1 application server to my remote geogrophically scattered users (around 50+ users) over internet, keeping below conditions:

Server Setup:
* Ent Server: AS/400 with WAS 6.0, E1 8.12

Conditions:

1) do not wish to publish Enterprise server directly to internet.

2) Due to some limitations we will not have VPN tunnels between HO - Branch offices

Request to provide possible scenarios,

Regards

Penchal

[ QUOTE ]
Conditions:

1) do not wish to publish Enterprise server directly to internet.

2) Due to some limitations we will not have VPN tunnels between HO - Branch offices


[/ QUOTE ]

Penchal - those are mutually exclusive conditions. If I were an auditor or your IT security officer, I would be 100% opposed to allowing anyone remote access to your ERP solution over an unsecured connection. The cost of setting up a VPN is minimal compared to the potential of your system getting hacked.

Gregg

Ditto to what Gregg said about setting up a VPN. If you need the branch offices to get to resources on your network, you should have some kind of private lines installed.

That said, it is possible to put SSL on the HTML client. At least you can get 128-bit encryption from the JAS server to the browsers. But it's still not ideal to have your AS/400 accessible like that.

[ QUOTE ]
That said, it is possible to put SSL on the HTML client. At least you can get 128-bit encryption from the JAS server to the browsers. But it's still not ideal to have your AS/400 accessible like that.

[/ QUOTE ]

If you did that, you'd have to set up at least two layers of firewalls and multiple layers of web servers. Your JAS server would need to be in the innermost layer, adjacent to your AS400. Then you would need two firewalls. Inside the two firewalls would be a tightly locked down html server that would open a portal to the outside world, and a different portal to the jas server. That configuration is called a DMZ (Demilitarized Zone).

To be honest, if you have the money and expertise to set that up, why not just go all the way and set up a VPN?

Gregg

Alternatively

Set up a Citrix Server - and publish that on the internet (you'll have some security without the necessity of a VPN). You can then run IE in the citrix server session which then will be able to access JDE.

Just an alternative solution there.