Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

Highlighted
Not applicable

QlikView system network architecture (DMZ/Intranet)

Hello,

we are searching a best practice to setup our QlikView system (DMZ/Intranet).

We have two networks, a DMZ and an intranet. Our databases (infrastructure resource) are only accessible from the intranet and aren't accessible from the DMZ regarding security reasons. The clients should only be able to access to the QVWS or the IIS from internet. All other services should operate in the intranet only (QVS/QVP).

Is it possible to setup this?

Is this a recommended setup?

Which firewall rules do we have to create?

Thanks for your support.

Gunnar Weissmann

9 Replies

Re: QlikView system network architecture (DMZ/Intranet)

Gunnar

Yup :

     On LAN :

          QlikView Publisher          [if you use it]

          QlikView Server

          QlikView Web Server      [for LAN base clients]

     On DMZ

          QlikView Web Server     [for external client over the internet]

See for QlikView Ports for ports used to sort firewall.

Bill

Support
Support

Re: QlikView system network architecture (DMZ/Intranet)

Hi,

You can setup a system in the DMZ and use publisher to publish the reports to that machine.

Bill

Bill - Designated Support Engineer at Qlik
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.
Not applicable

Re: QlikView system network architecture (DMZ/Intranet)

Hi Bill,

thank's for your answer. So it's possible only to push the reports to the webserver in the DMZ so i have not to allow communication from the DMZ to the intranet? How are user rights handled on the webserver with this setup? Is there a special configuration for that?

Thank you,

Gunnar

Re: QlikView system network architecture (DMZ/Intranet)

Gunnar

I use AD for authentication.

Bill

Not applicable

Re: QlikView system network architecture (DMZ/Intranet)

okay, but which communication directions do you allow? We only want to allow communication from the intranet to the dmz not from the dmz to the intranet (except stateful communication). Does this work with AD?

Thank you!

Re: QlikView system network architecture (DMZ/Intranet)

Gunnar

If you do not allow communications for the DMZ to your internal LAN then it won't work. 

Unless you decide to use proprietary authentication and also host a QV Server and your qvw's in the DMZ which would be extremely insecure and not something I would ever do myself.

Bill

Support
Support

Re: QlikView system network architecture (DMZ/Intranet)

Hi,

You can use the local directory for the QVS server to host the users.

Bill

Bill - Designated Support Engineer at Qlik
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.
MamuKishore
New Contributor III

Re: QlikView system network architecture (DMZ/Intranet)

Hi,

Please help me that what are the changes or steps i have to follow in QlikView web Servers tab under QMC to access Qlikview thru internet.
I never found any steps followed to make changes for internet access. EVERYONE IS EXPLAINING "HOW TO ESTABLISH INTERNET ACCESS THRU DMZ " but no one giving proper ,clear explanation with steps.
Anyone reply asap with steps.
Partner
Partner

Re: QlikView system network architecture (DMZ/Intranet)

Hi Guys,

Anyone able to do this scenario? I am also looking for configuration setting.

 

thanks

muhammad