Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2014-11-26 11:10 AM

Access QMC via external ip

Howdy,

I had my IT guys set up an external IP address to get accesspoint anywhere on the web...

Any idea why i can't get access to the QMC via this same external ip?

994 Views
0 Likes
6 Replies
marcus_sommer
MVP
MVP
‎2014-11-26 11:44 AM

Maybe there are blocked ports or firewall / group policy restricted the access - but you should think carefully if you makes your server available from external. It's rather not recommended - you could use VPN.

- Marcus

595 Views
Not applicable
‎2014-11-26 11:48 AM
Author

In response to marcus_sommer

Thanks for your response Marcus,

Do you say that, even though we authenticate using active directory credentials? Is it really a big security concern?

-David

595 Views
0 Likes
marcus_sommer
MVP
MVP
‎2014-11-26 12:04 PM

In response to

I couldn't say how great the risks are. The server could be ddos attacked, exploits against browser / protocolls / services, staff could leave the company ... What is responsible and what is paranoid? I don't know.

- Marcus

595 Views
0 Likes
Not applicable
‎2014-11-26 12:12 PM
Author

In response to

Agree with Marcus here, certainly wouldn't recommend it

595 Views
0 Likes
Anonymous
Not applicable
‎2014-11-26 12:15 PM
Author

In response to

David

If you really, really want to access AccessPoint from a browser on the external web, then the way I have done it is :

  • Build additional new QV Web Server with IIS in the DMZ
    • With SSL enabled for https
    • Implement additional security within IIS and other methods
      • [I won't divulge details of this on a public forum as it could be read & exploited by hackers]
    • Only open the https firewall port from this DMZ server to the web
  • Leave existing QV Server on the LAN
    • Only open the mandatory QV Server firewall ports from this server to the  DMZ QV Web Server with IIS

DO check with your powers to be about your company's security policies.

     *******************************************

Opening any ports from the external web direct through to your LAN is very insecure.

This is not the case how I have done it as the additional new QV Web Server with IIS in the DMZ acts as broker and allows no direct access web to LAN.

If in doubt be very paranoid and make sure anything you do is approved at a senior level above you.

595 Views
0 Likes
Not applicable
‎2014-11-26 12:17 PM
Author

Thank you for your help guys!

The VPN can be such a pain for users...we're hoping to have a secure enviroment with this external IP...

Though i'm getting the impression that's not possible to do it while being secure

595 Views
0 Likes