Qlik Community

QlikView Management

Discussion Board for collaboration on QlikView Management.

Not applicable

Access QMC via external ip

Howdy,

I had my IT guys set up an external IP address to get accesspoint anywhere on the web...

Any idea why i can't get access to the QMC via this same external ip?

6 Replies

Re: Access QMC via external ip

Maybe there are blocked ports or firewall / group policy restricted the access - but you should think carefully if you makes your server available from external. It's rather not recommended - you could use VPN.

- Marcus

Not applicable

Re: Access QMC via external ip

Thanks for your response Marcus,

Do you say that, even though we authenticate using active directory credentials? Is it really a big security concern?

-David

Re: Access QMC via external ip

I couldn't say how great the risks are. The server could be ddos attacked, exploits against browser / protocolls / services, staff could leave the company ... What is responsible and what is paranoid? I don't know.

- Marcus

Not applicable

Re: Access QMC via external ip

Agree with Marcus here, certainly wouldn't recommend it

Re: Re: Access QMC via external ip

David

If you really, really want to access AccessPoint from a browser on the external web, then the way I have done it is :

  • Build additional new QV Web Server with IIS in the DMZ
    • With SSL enabled for https
    • Implement additional security within IIS and other methods
      • [I won't divulge details of this on a public forum as it could be read & exploited by hackers]
    • Only open the https firewall port from this DMZ server to the web
  • Leave existing QV Server on the LAN
    • Only open the mandatory QV Server firewall ports from this server to the  DMZ QV Web Server with IIS

DO check with your powers to be about your company's security policies.

     *******************************************

Opening any ports from the external web direct through to your LAN is very insecure.

This is not the case how I have done it as the additional new QV Web Server with IIS in the DMZ acts as broker and allows no direct access web to LAN.

If in doubt be very paranoid and make sure anything you do is approved at a senior level above you.

Not applicable

Re: Access QMC via external ip

Thank you for your help guys!

The VPN can be such a pain for users...we're hoping to have a secure enviroment with this external IP...

Though i'm getting the impression that's not possible to do it while being secure

Community Browser