5 Replies Latest reply: Aug 25, 2015 9:54 AM by Peter Cammaert

    DMZ Server Setup for AD users over Internet from Outside the Network

    it man

      Hi All,

      We currently have users who can access QlikView dashboards over our intranet.

      These users login with their Active Directory credentials.

      We are using DMS authorization.

      I am looking for a way to provide access to these users in Active Directory over the internet.

      I am also looking for a way to provide access to the users over the internet who are not in our Active Directory.

      I would like to use our DMZ server to handle this.

      So far, I have tried to follow others' experiences on this forum but have been unsuccessful in configuring our DMZ server to accept AD users' credentials to log in to Access Point.

       

       

      Please let me know, if possible, a step-by-step approach (screenshots are awesome) for how I can achieve this.

       

       

      (

      However, I am able to create Users under System > Setup > Directory Service Connectors > Custom Directory > Users

      Then, I copied ..\DirectoryServiceConnector\CustomDirectoryData.xml file from Server to Intranet Web Server directory.

      I am able to successfully log in over the internet using these User Credentials.

      But, I don't think this is a sustainable approach when having a large number of Users.

      )

        • Re: DMZ Server Setup for AD users over Internet from Outside the Network
          Peter Cammaert

          IIRC, QlikView doesn't allow mixing authentication systems on the same web server.

           

          Providing AD access to internet visitors should be pretty easy (although a bit insecure and not without a forced login dialog). Restricting the second web server in the DMZ to accept only custom users is doable as well (AD users will use the internal web server, and when on the road they could use VPN to enter the domain). But providing access to all of them from the same web server at the same time?

          • Re: DMZ Server Setup for AD users over Internet from Outside the Network
            Bill Britt

            Hi,

             

            To start, you need to have an Extranet license to allow users that are not in your AD to access from the internet. Custom users are not really used for more than testing and can't be used with other Directory Service Connectors.

             

            You will need to develop some form of SSO solution for this.

             

            Bill

            • Re: DMZ Server Setup for AD users over Internet from Outside the Network
              it man

              Hi Bill,

              Glad to know about the extranet license requirement.

              For now, I'll be configuring to provide QlikView Accesspoint access to our AD users over the internet.

               

              Hi Peter,

              I should have clarified earlier, but, we did create two Web Servers.

              One for intranet usage and the other for internet usage.

              The intranet usage Web Server is working fine and users are able to access QlikView access point.

               

              The challenge I am facing is to securely provide access to these same users over the internet when they are outside the network through the DMZ server.

              You have mentioned two issues which I am concerned about:

              1. Insecure (If it's insecure, what would be the best practice approach?)

              2. Cannot get away without a forced login dialog (so, is SSO not possible?)