[Date Prev] [Date Next] [Prev in Thread] [Next in Thread] [Date Index] [Thread Index]

Re: SmartReporting over SSL in DMZ



**

Thanks for the feedback so far.


Vinod - we do have a mid-tier and a smartreporting server public facing and then another set private facing.  We've had mid-tier setup like this for years, which works perfect.  I can log directly into SmartReporting on the public side all day.  I just can't get mid-tier to take the setting in the config page.  I actually tried to load both mid-tier and smartreporting on the same server too in test to get away from the cert configurations between servers.  No luck.


Lee - absolutely no performance issues at all doing this.  From a security standpoint I believe this is the only way you should setup your web tier (I'm sure that's open for debate).  I'm trying to move our small subset of users on the private side to move over to the public side.  That would give us less servers to maintain.


Tauf - I'm waiting to hear back from RoD Ops Team.  I think the issues are SSL and NAT.  Not sure if they are completely independent issues or somewhat related.  Unfortunately I can't turn off the SSL enforcement on the public facing side to test that.  I am curious on the SSO side of the house also.  SmartReporting once integrated into ITSM will log you in auto-magically.  That could very well be the issue also.  That authentication won't happen because of the address translation, which triggers the error configuring this in mid-tier.  I wonder now if load balancers would cause a bunch of issues too with SmartReporting.



Brian



From: Action Request System discussion list(ARSList) <arslist@ARSLIST.ORG> on behalf of Tauf Chowdhury <taufc.is@GMAIL.COM>
Sent: Thursday, December 8, 2016 4:18 PM
To: arslist@ARSLIST.ORG
Subject: Re: SmartReporting over SSL in DMZ
 
**
Not sure about Control M. Truesight does not support Okta, which is what we use for our SSO and we have no need to make it publicly available so it's not a huge issue for us. 
We built Truesight in AWS

Sent from my iPhone

On Dec 8, 2016, at 4:09 PM, Lee Cullom <Lee.Cullom@NORTHCRAFTANALYTICS.COM> wrote:

**

Really?  Does it work for Truesight and Control-M too?  It would be great to pull information from all of them.  I would like to see how that is all put together!  You’re the first delighted RSR customer I’ve seen, so maybe the key is go on-demand for everything. 

 

 

 

From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury
Sent: Thursday, December 8, 2016 11:09 AM
To: arslist@ARSLIST.ORG
Subject: Re: SmartReporting over SSL in DMZ

 

**

The environment I'm currently using is Remedy onDemand and SmartReporting works fine with no performance issues.. essentially over the public internet. 

Maybe ask BMC guys to speak to their RoD Ops team

Sent from my iPhone


On Dec 8, 2016, at 10:36 AM, Lee Cullom <Lee.Cullom@NORTHCRAFTANALYTICS.COM> wrote:

**

Ick, not only will this be a nightmare to configure, but then the performance is going to be a disaster.  Turn back!

 

 

 

Lee Cullom | Northcraft Analytics

IT Metrics Specialist | Business Intelligence Applications for IT

Direct – 678-438-7244 | http://www.northcraftanalytics.com

Main - (678) 664-ITSM

<image001.png><image002.png><image003.png>

What is Northcraft Analytics? Find out in 87 Seconds.  

 

From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Vinod Gaidhani
Sent: Wednesday, December 7, 2016 1:23 PM
To: arslist@ARSLIST.ORG
Subject: Re: SmartReporting over SSL in DMZ

 

**

Hi Brian,

 

We also had similar situation not for smart reporting but for actual midtier access, basically you will need help from your network team which generally ask you to host one midtier in DMZ zone [public ip] which in turn talks to your private network setup. Not sure how much BMC can help here considering its internal to your infra/network but can take guidance from them for performance perspective.

Thanks,

Vinod Gaidhani.


On Dec 7, 2016, at 6:14 PM, Brian Pancia <panciab@FINITYIT.COM> wrote:

**

Trying to setup SmartReporting over SSL in a DMZ.  DMZ users are using a public IP and the servers have private IP's setup.  We can setup everything behind the firewall using private IP's.  Using the private IP's doesn't work from a user standpoint, so we need to use the public IPs for the SmartReporting/Mid-Tier config.  This is a standard web architecture from a security standpoint.  The configuration in Mid-Tier controls the Smart Reporting link in ITSM.  I'm not sure what else it does.  Support has not been able to find an answer for this.  Has anyone else been able to get this configuration to work.  We are on 9.1

 

Thanks,

 

Brian

 

DISCLAIMER: The information contained in this e-mail and its attachments contain confidential information belonging to the sender, which is legally privileged. The information is intended only for the use of the recipient(s) named above. If you are not the intended recipient, you are notified that any disclosure, copying, distribution or action in reliance upon the contents of the information transmitted is strictly prohibited. If you have received this information in error, please delete it immediately. _ARSlist: "Where the Answers Are" and have been for 20 years_

_ARSlist: "Where the Answers Are" and have been for 20 years_

_ARSlist: "Where the Answers Are" and have been for 20 years_

_ARSlist: "Where the Answers Are" and have been for 20 years_

_ARSlist: "Where the Answers Are" and have been for 20 years_
_ARSlist: "Where the Answers Are" and have been for 20 years_
DISCLAIMER: The information contained in this e-mail and its attachments contain confidential information belonging to the sender, which is legally privileged. The information is intended only for the use of the recipient(s) named above. If you are not the intended recipient, you are notified that any disclosure, copying, distribution or action in reliance upon the contents of the information transmitted is strictly prohibited. If you have received this information in error, please delete it immediately. _ARSlist: "Where the Answers Are" and have been for 20 years_