Solved: Qlik Sense deployment in a DMZ Environment - Page 2 - Qlik Community

ksmccann · ‎2016-11-10

HI All

Has anyone seen a good document for Qlik Sense that covers deploying in a DMZ environment and authenticating users with LDAPS? I have the ports document but still trying to figure out how the proxy servers and authentication directories should be configured to work with each other. The user will have an internal proxy server also that authenticates with AD which I already have working on the central node. Now i am trying to configure the RIM node proxy server in the DMZ to authenticate the users

I am trying to clarify where authentication is done in the rim and central configuration. Does the central server do the authentication behind the firewall or does the proxy server in the DMZ do the authentication and therefore needs a RODC or open ports to the AD domain or LDAP server?

Do I need to define 2 user directories (one for the internal proxy server and one for the external proxy server) or will one work for both?

I have looked at the installation guide and numerous posts on the community but have not found a clear description of a best practice for DMZ deployment and Authentication with either LDAPS or AD when running a mixed internal and external environment.

Any insight, documentation or experience in this area would be greatly appreciated.

bradshields · ‎2017-03-07

HI Mark,

Greetings from Australia. I am heading down the OKTA path with a client here in the next month or so. We will need section access on the apps and I was wondering what approach you had used when combining OKTA and SA?

I you haven't integrated OKTA and want to, I will be happy to share insights.

If you are heading to Qonnections, i might be good to catch up.

Brad

ksmccann · ‎2017-03-07

hi Brad, I would love to hear about your experience also. I am doing a security presentation at Qonnections that covers authorization and SA but don't have anything on this topic currently. Anything you can share I would be happy to give you credit for (as well as buying a beer or 2) as there are so many ways to look at security and I am trying to provide as many scenarios as possible for various deployments in both QlikView and Sense. Of course at 61 slides I may already have too much, but I am an Aussie too so I can talk REALLY fast! 🙂

spinchuk · ‎2018-05-16

Hi Jeffrey,

In the answer number 3 you offered to share the ticketing solution. Can you please share the JavaScript solution, or the one that you think is the most common. Thank you!

j_puri_6601 · ‎2018-09-02

Hi Kevin, owing to user demand, we're considering setting up a reverse proxy in the DMZ talking to QS server behind the corporate firewall. Looking for solutions that worked successfully for others.

Appreciate if you could share how you implemented this....what was your eventual set-up

thanks in advance!

ksmccann · ‎2018-09-02

hi Jasleen, we did ultimately deploy the reverse proxy server in the DMZ and all of the QLik sense components behind the firewall and at this point I would say this is a recommended best practice from QLik for a secure extranet deployment.