Greetings of the day!!
We have a task to public our Windchill URL to internet so that the remote users can also access the same when they are out of network.
Can someone help us out with the resolution.
Till now we have assigned one Static IP to the Windchill server but when we access Windchill through this the Apache asks for the credentials but after authentication the URL gets change to the Host name of the Windchill server ( e.g. http://host.mycompany.com:848/Windchill instead of 153.xx.xx.xxx/Windchill).
Please suggest the solution if anyone of you have faced the same issue earlier.
Your support will be appreciated.
You have to put measures in place ensuring it is safe from potential threats. Exposing the Windchill server itself to public space is not really a good idea, you need to ensure that a reverse proxy is put in place in your DMZ. Details of reverse proxy configuration is available here - http://www.ptc.com/cs/help/windchill_hc/wc102_hc/index.jspx?id=WCAdvDepNetworkConfig_ReverseProxy&ac...
For the reverse proxy, you can use Apache webserver shipped by PTC and use Linux machine with very minimal resources. I don't think it is a lot of investment considering the risk of exposing your product data repository to public internet space.
As for the name resolution, Windchill URLs are constructed from the value of the property wt.server.codebase in wt.properties $(wt.webserver.protocol)\://$(wt.rmi.server.hostname)/$(wt.webapp.name). Irrespective of the name/ip addresses you use to reach the server, the server will redirect the URL to the value of the property wt.server.codebase, including the hyperlinks in webpages.
So for the DNS resolution, create an entry in your company's public DNS so that reverseproxyhostname/Windchill would always be redirected from public internet to your reverse proxy.
Thanks for your attention on the topic!!!!!
I have gone through help center topic of "Reverse proxy".
In this regards i have few questions, will be very helpful if you can clear my doubts as we have not done such configurations prior to this:
* As per the help center topic we shall have a separate proxy server, is this the PTC's Apache server to be configured there?
* Will the existing Apache at Windchill server be as it is and be functional as well for internal users?
* Can't we make the Windchill Apache server to run as the Proxy server.
Thanks again for the help
Dharmendra - Looking at your add-on questions, it seems that you are wondering if there is a need to have a separate Apache server acting as a reverse proxy (distinct from the Windchill Apache server). The answer is yes. With a separate Apache server (reverse proxy configuration), you can have external users connecting to the reverse proxy (through the DNS) and internal users connecting to the Windchill Apache server (using the native wt.server.codebase URL) without going through the Reverse Proxy.
As underlined by Binesh, you can create your own reverse proxy configuration with the Bundled PTC Apache Server (a separate instance) or any other Apache distribution and you can also use a Linux VM (CentOS, RedHat, ..)
Here is the definition of the Reverse Proxy extracted from the Windchill Architecture Overview (WNC 10.2) available at this link
The following CS68466 is an excellent way to start this reverse proxy configuration.
Dear Binish & Herve,
Thank you for your support
I think we are now able to connect to the server using the static IP with all your support in the same regard.
After configuring the reverse proxy server with Windchill i am only able to access it through the reverse proxy server's address not by the Windchill host.
Any idea of the cause?
Please suggest the solution, if i made any configuration mistake.
Thanks in advance!!
This is expected behavior. You need to keep the URL same for the external users and internal users. The configuration which you have to do is in the DNS configuration so that the external users will be routed to reverse proxy and internal users directly on the Windchill Server eventhough they use the same URL. - (Split DNS Configuration). You can create different CNAME entries in your external DNS and your internal DNS
thanks for your kind reply!!!
Can you please elaborate Split DNS configuration, how can I achieve the same in our environment, As I am not much aware of the networking.
Use two different DNS servers to resolve the same Windchill Hostname to two different IP's - Internal users then resolve the windchill hostname to an internal IP (your internal user's apache server) and External users reolve the same windchill hostname to an external Internet based IP (your reverse proxy apache server).