Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
pwagner
Partner - Creator III
Partner - Creator III
‎2019-08-05 08:57 AM

Pre-requisites for Qlik Sense in a DMZ enviroment

Hello community,

I found this pre-requisites for Qlik Sense in the manual on help.qlik.com:

Processors (CPUs) Multi-core x64 compatible processors. We recommend that you use at least 4 cores per node in a Qlik Analytics Platformdeployment.

Memory 8 GB minimum (depending on data volumes, more may be required)

Disk space 5.0 GB total required to install

 

What are the requirements for Qlik Sense in DMZ as a prozy node? The same one?

These are the 'recommended' requirements. What are you 'minimum' requirements?

 

Thank you. Best regards, Patrick

Labels (4)
Labels
2,909 Views
0 Likes
10 Replies
Giuseppe_Novello
Support
Support
‎2019-08-05 11:42 AM

Those are requirements for bare bone environment ( that has no apps and 1-2 users) and including they are in fact the minimum system requirements to get QS install, anything below that, it is unsupported regardless their function or purpose. 

"This section lists the requirements that must be fulfilled by the target system in order to successfully install and run Qlik Sense." 

https://help.qlik.com/en-US/sense/June2019/Subsystems/PlanningQlikSenseDeployments/Content/Sense_Dep...

Giuseppe Novello
Principal Technical Support Engineer @ Qlik
2,547 Views
0 Likes
pwagner
Partner - Creator III
Partner - Creator III
‎2019-08-06 01:34 AM
Author

In response to Giuseppe_Novello

Thank you Giuseppe.

For a prozy server in a DMZ enviroment, what are your recommendations?

2,542 Views
0 Likes
Giuseppe_Novello
Support
Support
‎2019-08-06 08:03 AM

In response to pwagner

Recommendation in what sense? In sizing, I can't say for sure, maybe you can exercise by using the scalability tool:

https://community.qlik.com/t5/Qlik-Scalability/Qlik-Sense-Scalability-Tools/gpm-p/1490846#comment-48...

 

BR

 

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik
2,528 Views
0 Likes
Levi_Turner
Employee
Employee
‎2019-08-06 08:18 AM

Practically speaking Qlik Sense should not have a node in the DMZ and a node on the domain. This is due to the set of requirements which would need to be fulfilled, including but not limited to:

  • SMB Shared to the DMZ node (the RIM needs to access a common share)
  • If
    • the DMZ node is not on the domain: you'll likely use the Windows Credential Manager / Vault to store credentials for the domain for the share
    • the DMZ node is on a different domain: either above or cross-domain trust
  • A litany of ports needed for Qlik Sense services

With these needs for a node in Qlik Sense, it is very unattractive to place it in a DMZ. There, of course, are ways to harden such a setup but that's a topic for the client's internal security team(s). From the Qlik standpoint, it's more self-evidently secure to place a reverse proxy / network appliance in front of the node intended to service external users (if they are different than the internal users) and tunnel the traffic inside the firewall.

2,524 Views
0 Likes
pwagner
Partner - Creator III
Partner - Creator III
‎2019-08-27 07:10 AM
Author

In response to Levi_Turner

Ok, thank you for your explanation. This is new to me/us.

 

We like to set up the enviroment, explained on this support.qlik website: https://support.qlik.com/articles/000033939

 

@Levi_Turner : From your point of view, you would not set the enviroment like this? In case, you would do so, which requirements of the Prozy node would you recommend?

2,473 Views
0 Likes
Levi_Turner
Employee
Employee
‎2019-08-27 08:13 AM

In response to pwagner

@pwagner : No, I would not. I just do not see a reason why SMB traffic + a litany of ports is considered more secure than 443 over a reverse proxy. Ultimately it is an individual customer's decision, but I have come across very few who opt for the DMZ style deployment once the requirements for that type of deployments are presented.

2,466 Views
0 Likes
pwagner
Partner - Creator III
Partner - Creator III
‎2019-08-27 08:37 AM
Author

In response to Levi_Turner

@Levi_Turner  - thanks again. Would you use this way --> https://support.qlik.com/articles/000043332?

If not, do you have a proper explanation of setup process of such a reverse proxy?

2,458 Views
0 Likes
Levi_Turner
Employee
Employee
‎2019-08-27 01:36 PM

In response to pwagner

I'd first see if there's already a network appliance used in the customer's environment. It can be something as sophisticated as an F5 Load Balancer, down to using Apache / Nginx / IIS as a reverse proxy.

The best situation is to use existing investment and experience rather than standing up something new.

The article is for IIS. But there are others for other software pages, e.g. Nginx.

2,443 Views
0 Likes
pwagner
Partner - Creator III
Partner - Creator III
‎2019-08-28 02:19 AM
Author

In response to Levi_Turner

Ok - I guess I understand.

Just to be sure, with a reverse proxy enviroment, external users (outside network, no VPN connection) can enter to Qlik Sense?

2,434 Views
0 Likes