Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2013-09-09 07:01 AM

dmz server configure

Hi Guys,

I would like to give users external access withouth VPN.

I can connect from server A(internal QV server) to dmz server > i added the dmz server in QMC and there is no error there.

But when i open the accesspoint in the dmz server i get an error message: no server.

- I've temporarly opened all ports between server A and the dmz server

- selected in QMC the correct server to connect: QVS@serverA (accespoint>serverconnection>name)

- i've installed on the dmz only the webserver (no iis)

I did not configure any authorization allthough i would like to use Active directory also in DMZ, but this will propably not work. My other option is local users on dmz (or DMS settings if its only possible to only configure for the DMZ server, and still use AD internaly)

But i for some reason i cannot connect to server A.

Am i missing something? (could it be the login credentials in the services qlikview webservice or the login in the QMC?)

Labels (1)
Labels
3,568 Views
18 Replies
Not applicable
‎2013-09-10 05:48 AM
Author

He Bill,

Maybe you know this aswell: Currently i use local users on the DMZ server to acces their qlikview documents.

This works great but it will be hard to maintain 2 locals when the userbase grows. Also the users need 2 credentials.

Is it easy without rebuilding a authorization page and procedure to tunnel the AD authentication and authorization?

Thanks again!

417 Views
0 Likes
Bill_Britt
Former Employee
Former Employee
‎2013-09-10 12:29 PM

In response to

HI,

Yes, this should be able to be done. You would have to run the Server in DMS mode and create a director connector pointing to the server in the DMZ.  Then when you distribute a QVW with publisher you would pick the user in either the DMZ or AD.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
417 Views
0 Likes
Not applicable
‎2013-09-12 12:50 AM
Author

In response to

Hi Jelco,

I have the exact requirement as you have. Additionally i also need to have a QVWS running on QVS machine to server internal users. Both the webservers need to be secured. (https://)

Can you please tell me if you have implemented secured access and if so, which certificates have you configured?

Hi Bill, if you also can help please.

Santosh

417 Views
0 Likes
Bill_Britt
Former Employee
Former Employee
‎2013-09-12 08:18 AM

In response to

Hi Santosh,

Yes, you can do this. Not sure what you mean about the certificates this would be a question for your IT staff.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
417 Views
0 Likes
Not applicable
‎2013-09-12 08:23 AM
Author

You can also use Certificates , this way you dont have to create a local account to impersonate an account created on the machine in DMZ

417 Views
0 Likes
Not applicable
‎2013-09-13 01:24 AM
Author

In response to Bill_Britt

Thank you Bill, I meant SSL server certificates. Whether it needs to be configured on qlikview server machine or qlikview web server machine in DMZ.

417 Views
0 Likes
Not applicable
‎2013-09-13 01:26 AM
Author

In response to

Andreas Klittbo Thank you, this is s new thing i got to know on which i have to do research.

417 Views
0 Likes
Not applicable
‎2013-09-13 10:26 AM
Author

@Santosh to work with https i've binded a wildcard certificate to the 443 port.  You can found here how to do that: http://community.qlik.com/message/193912#193912

I asume Andreas means client based certificates. I don't want to use this because then i need to install something @ all the clients.

@Bill is there a guide or something on how to create the director connector or tunneling the AD trough the dmz? I don't want to destroy my internal server distribution/authorization by doing somehting wrong:p

417 Views
Not applicable
‎2014-11-20 06:38 PM
Author

In response to Bill_Britt

Bill,

I read the Microsoft AD FS 2.0 integration with QlikView 11 and I had a couple of questions that I'm hoping you can point me in the right direction for.


  1. Do the ADFS services get installed on the web server or a separate server in the DMZ based on the following step?

How to setup your AD FS 2.0 Server

Use the following procedure to install the AD FS 2.0 software on your Member Server.

The AdfsSetup.exe installation package will install AD FS 2.0 and all the prerequisite

software components that it requires.

  1. If I have an external SSL from a public CA do I need to create a self signed cert?

How to create a new self-signed certificate

Attached to this document, you will find a Power Shell Script saved into a ZIP file called

  1. makecert.zip. Please use the included Power Shell script in your Power Shell editor and

do the following:

  1. 3. Since this is in the DMZ will I require an ADFS Proxy server in the DMZ and an ADFS server in my internal VLAN?
417 Views
0 Likes