Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi Guys,
I would like to give users external access withouth VPN.
I can connect from server A(internal QV server) to dmz server > i added the dmz server in QMC and there is no error there.
But when i open the accesspoint in the dmz server i get an error message: no server.
- I've temporarly opened all ports between server A and the dmz server
- selected in QMC the correct server to connect: QVS@serverA (accespoint>serverconnection>name)
- i've installed on the dmz only the webserver (no iis)
I did not configure any authorization allthough i would like to use Active directory also in DMZ, but this will propably not work. My other option is local users on dmz (or DMS settings if its only possible to only configure for the DMZ server, and still use AD internaly)
But i for some reason i cannot connect to server A.
Am i missing something? (could it be the login credentials in the services qlikview webservice or the login in the QMC?)
He Bill,
Maybe you know this aswell: Currently i use local users on the DMZ server to acces their qlikview documents.
This works great but it will be hard to maintain 2 locals when the userbase grows. Also the users need 2 credentials.
Is it easy without rebuilding a authorization page and procedure to tunnel the AD authentication and authorization?
Thanks again!
HI,
Yes, this should be able to be done. You would have to run the Server in DMS mode and create a director connector pointing to the server in the DMZ. Then when you distribute a QVW with publisher you would pick the user in either the DMZ or AD.
Bill
Hi Jelco,
I have the exact requirement as you have. Additionally i also need to have a QVWS running on QVS machine to server internal users. Both the webservers need to be secured. (https://)
Can you please tell me if you have implemented secured access and if so, which certificates have you configured?
Hi Bill, if you also can help please.
Santosh
Hi Santosh,
Yes, you can do this. Not sure what you mean about the certificates this would be a question for your IT staff.
Bill
You can also use Certificates , this way you dont have to create a local account to impersonate an account created on the machine in DMZ
Thank you Bill, I meant SSL server certificates. Whether it needs to be configured on qlikview server machine or qlikview web server machine in DMZ.
Andreas Klittbo Thank you, this is s new thing i got to know on which i have to do research.
@Santosh to work with https i've binded a wildcard certificate to the 443 port. You can found here how to do that: http://community.qlik.com/message/193912#193912
I asume Andreas means client based certificates. I don't want to use this because then i need to install something @ all the clients.
@Bill is there a guide or something on how to create the director connector or tunneling the AD trough the dmz? I don't want to destroy my internal server distribution/authorization by doing somehting wrong:p
Bill,
I read the Microsoft AD FS 2.0 integration with QlikView 11 and I had a couple of questions that I'm hoping you can point me in the right direction for.
How to setup your AD FS 2.0 Server
Use the following procedure to install the AD FS 2.0 software on your Member Server.
The AdfsSetup.exe installation package will install AD FS 2.0 and all the prerequisite
software components that it requires.
How to create a new self-signed certificate
Attached to this document, you will find a Power Shell Script saved into a ZIP file called
do the following: