cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

We are happy to announce the new Windchill Customization board! Learn more.

Do you allow Windchill access outside your company?

gchampoux
1-Newbie

Do you allow Windchill access outside your company?

Currently, we allow only our employees to remotely access internal resources.
They have VPN access, and usually use remote desktop connection (RDC) to their PC here in our facility.
A project manager has requested that we allow a customer to have direct access to Windchill and their product.
I'm not concerned about the technicalities. That has been discussed several times in the past. (DMZ, reverse proxy, etc)
We would use VPN for the customer, and he would have his own copy of Pro/E on his PC.

My greater concern is security.
I am uncomfortable with someone outside the company accessing our data, even if read-only.
We already have a secure FTP-like site to send and receive files between our custiomer and suppliers.
So we already are able to give the customer what he needs.
However, the customer wants direct access so he can get models in real time, without having to wait for a request to be processed, which is rarely more than one day.
If we allowed the customer direct access, they would be able to download all Pro/E models & drawings in their Windchill product, which also includes many other models & drawings (test, manufacturing, tooling). We would also have to give them access to our libraries of standard components.


Have you had to deal with this issue?
How so?

Gerry Champoux
Williams International
Walled Lake, MI

9 REPLIES 9

Gerry

We use Projectlink for that function and restrict our "guest" to only
his Project and we also limit his tabs etc, so he only sees home and
his project. We do not grant access to anything else, including libraries.

Marc

AL_ANDERSON
5-Regular Member
(To:gchampoux)

We will be going live with our PDMLink system in a DMZ with Windchill 10
later this year.

Our plan is to allow external customers and suppliers access to data
through projects. Using profiles and access control, an external project
user will only see the project tab and documents either in their projects
or shared to their projects. Internal users will see libraries, products,
and the projects they have access to.

Al Anderson









[solutions] - Do you allow Windchill access outside your company?

Gerry Champoux
bfrandsen
6-Contributor
(To:gchampoux)

We use ProjectLink for this capability. Only objects shared to the project are available for the externals on the Project Team.
Much easier for our users than FTP and with the same security, but much easier if data has to go back into the Project.

Best Regards,
Bjarne Frandsen
bfrandsen
6-Contributor
(To:gchampoux)

Sorry. That should have read "data back to the Product".
We also give externals access to our standard components and templates in libraries, so their setup is exactly the same as for internal users.
They have permissions to share from these libraries to the project, so we do not need to serve them with models of standard components either.

Best Regards,
Bjarne Frandsen


You can also use the ACLs within Windchill to prevent undesired access. We use these to prevent our own employees from downloading stuff they shouldn't be and sending it out to customers.
For example, if we know a drawing needs a revision, we first promote the drawing to obsolete. This prevents our people from even knowing it exists. Then the engineers revise it and release it again. Our internal folks only see objects when they are in a released state. So our folks can only see the last released object which is exactly how we want it.
You could implement a state called "Customer Review" or some other state in Windchill that gives your customer access to objects in that state only.
I like the ProjectLink idea and have tried very hard to push that idea here. I even tried to make it easy by going with NetIDEAS as a partner. But the powers that be decided that sharing information back and forth is not that important yet.

Mike -

Thanks to the great many replies.


Unfortunately, I was negligent in specifying our environment.
We are using Windchill Intralink 9.1.

Several people recommended ProjectLink to control access.
However, ProjectLink cannot be added to Intralink (as it can with PDMLink).



Gerry Champoux
Williams International
Walled Lake, MI

In Reply to Gerry Champoux:



Currently, we allow only our employees to remotely access internal resources.
They have VPN access, and usually use remote desktop connection (RDC) to their PC here in our facility.
A project manager has requested that we allow a customer to have direct access to Windchill and their product.
I'm not concerned about the technicalities. That has been discussed several times in the past. (DMZ, reverse proxy, etc)
We would use VPN for the customer, and he would have his own copy of Pro/E on his PC.

My greater concern is security.
I am uncomfortable with someone outside the company accessing our data, even if read-only.
We already have a secure FTP-like site to send and receive files between our custiomer and suppliers.
So we already are able to give the customer what he needs.
However, the customer wants direct access so he can get models in real time, without having to wait for a request to be processed, which is rarely more than one day.
If we allowed the customer direct access, they would be able to download all Pro/E models & drawings in their Windchill product, which also includes many other models & drawings (test, manufacturing, tooling). We would also have to give them access to our libraries of standard components.


Have you had to deal with this issue?
How so?


Gerry

Sounds like in the name of security you need to upgrade to PdmLink and
ProjectLink.
it might be the easier and better choice in the long run.

Marc

Brian

Depends on the load the more memory you can give to the method servers the
better so (as with all servers bigger is better for mem and cpu imho)
big mem + fast CPU = cool
Big mem + not so fast CPU = ok
small mem + fast CPU = < ok
small mem + not so fast CPU = slow

The other thing to watch out for is, if you are using Oracle, the
licensing on the server, minefield, think its still based on cores rather
then processors, just worth a check bud


Best Regards

Chris Collinson
CAD Administrator

Apologies for replying to the wrong e-mail and group

Friday Finger Frolics me thinks



Best Regards

Chris Collinson
CAD Administrator
Top Tags