Community Tip - Need to share some code when posting a question or reply? Make sure to use the "Insert code sample" menu option. Learn more! X
We are looking at setting up a company to allow external access to the Windchill system. One solution we are investigating is to use a firewall/DMZ for the external people and have them come into ProjectLink to get the data that internal people have placed there. We still want the internal people to login to PDMLink/ProjectLink like they do today directly to the servers.
Does anyone have some documentation that you are willing to share on how to setup the servers and configure them?
Thanks
I agree with Jess - previously we looked at URL re-writing with a Reverse proxy and dual http/https config when exposing our system to the internet and gave it up as a bad job.
We ended up with a https configured windchill system for both internal and external users, ReHosted our Windchill System to an Internet resolvable Domain Name and then used "split brain DNS" to allow interal users to access the internal IP of the normal System's Apache server, whilst the external Internet users resolved the hostname to the Internet IP of our Remote Access (Security) box. Once the external users authenticate against this Security device, they then get access to a separate (hardened) remote (not reverse proxy) Apache Server located in a DMZ that authenticates against the Windchill Administrative LDAP which holds the remote users details rather than the corporate Windows AD LDAP which holds our internal users. We can then use this distinction between internal and external users for further security controls in our Windchill ProjectLink access control.
Rgds
Gary