Can any of you weigh in on where the Directory Service Connector service should reside in a 3 server architecture (QV 11 SR1)?
I would like the environment to look like this:
From what I have read in the WhitePapers I should deploy the services like this:
My issue is that the Directory Services Connector talks to Active Directory (obviously) so we need to be careful about firewall restrictions. Because we want to access this environment externally our network team wants this configuration:
Do you have any thoughts regarding this? How are your environments configured?
I appreciate your response. So option 1 was my origional choice, but our networking team wants option 2. We have a requirement to make QV externally available, so our networking team doesn't want the 'Presentation Servers' to talk to Active Directory. If we go with option 2 then the 'Preparation server' can be internal and allowed to speak to AD, while the presentation servers can be treated as external and can be restricted from talking to AD directly. I'm sure this security question is not uncommon - thoughts? Am I misunderstanding something here? I don't think QV Server and QV Web Server need to talk to the directory - correct?
I'm a little confused by your response - wouldn't QlikView Web Server utilize the Directory Connector to speak to the directory to resolve group members; and therefore the Web Server would not speak to the directory directly but rather through the Directory Connector? Are you saying the Windows OS on the web server would speak to Active Directory to resolve group memberships?
As a follow up I deployed the Directory Services Connector on all three servers in the above diagram and this configuration is working well for me. I would suggest that others with the same configuration should do the same.