We have a common usecase where Customers like to collaborate the external partners and subcontractors, but will not let them access the local network. ProjectLink is fulfilling the user needs, but not IT security requirements. To fullfill the IT sequrity requirements, Projectlink webserver has to be placed in the DMZ.The communication between the webserver and the application has to be restricted and encrypted. Does anyone have configured such environment?
Many years ago I saw a PTC User presentation that described a better approach using a reverse proxy in the DMZ. Internally, users accessed the system directly and even the hostname was different for them. For remote users, there was a reverse proxy which was restricted for only those external users, add what ever security you want to. Those users were restricted to only see data in projectlink projects. It was enforced not only from the application end but also via the reverse proxy (don't ask me how) to ensure the external user did not access anything beyond their project. This kept you from having to stand up another server and shuffle data back and forth. BTW, how do you like ProjectLink compared to other tools for collaboration?