Internal and external facing applicaitons on same infrastructure

Similar Messages

• SiteMinder integration with the internal and external facing portals

  Hi ,
  We are in development phase for SiteMinder integration with the internal and external facing portals.The proposed dual authentication scheme which requires both SiteMinder for External facing portal (EFP) and LDAP for Internal portal .is it possible?
  and is it possible to main to diff LDAP directories one is external users and one is for internal users.?
  If you maintain  2 diff(external & internal) LDAP Directories in Siteminder Policy Server  what about  external users which are  not exit in portal data source .
  I appreciate if anyone  can help me for my above query .
  Regards
  Tag

  Hey Tag,
  We do have a physical external Portal and a physical internal portal.  The both the external and internal are connected to 2 LDAP directories.
  For example the External Portal is connected to the Employee LDAP Direcotry and the Customer LDAP Directory.  The Internal Portal is connected to the US Employee LDAP Direcotry and the EMEA LDAP Directory.
  So each one of them is connected to 2 different LDAP Directories.
  I believe that the Siteminder Policy is setup such that the Internal portal has a policy and the External portal has a seperate policy on the same Siteminder Server.  Then each of the Policies is configured to connect to the approiate LDAP Directories.
  You have to maintain the LDAP Directory information in both the portal and Siteminder Policy Server.  It is required in the policy server so that it can authenticate the user and it is required in the Portal server so that it can authorize the user and display content based on thier assigned roles.
  Hope that helps.
  Regards,
  Keith

• Unable to activate internal and external urls at the same time

  Hi,
  We have Configured EBS R12 in DMZ setup as described in Figure F-9 of metalink note 380490.1 ,Option 2.4: Using Reverse Proxy with no External Web Tier.
  refering to 726953.1 Case History: Implementing a Reverse Proxy Alone in the DMZ Configuration - R12.
  but Not able to activate internal and external urls at the same time in this configuration. Only the node where last autoconfig was run getting activated as web node.
  When trying to accees the url of the other node it gets redirected to the url (where autoconfig is last run).and for this error observed is Error Code:502 Proxy Error.The specified Secure Sockets Layer (SSL) port is not allowed.(12204).
  For both external and internal services are UP.opmn status is live no error.
  Using Apache as reverse proxy.
  EXTERNAL Reverse proxy settings:
  s_login_page http://LONWEB01.process.com:81/OA_HTML/AppsLogin
  <TIER_DB oa_var="s_isDB">NO</TIER_DB>
  <TIER_ADMIN oa_var="s_isAdmin">NO</TIER_ADMIN>
  <TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
  <TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
  <TIER_NODE oa_var="s_isConc">NO</TIER_NODE>
  <TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
  <TIER_NODEDEV oa_var="s_isConcDev">NO</TIER_NODEDEV>
  <TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
  INTERNAL Middle Tier settings:
  s_login_page http://stprojapp01.test.com:8005/OA_HTML/AppsLogin
  <TIER_DB oa_var="s_isDB">NO</TIER_DB>
  <TIER_ADMIN oa_var="s_isAdmin">YES</TIER_ADMIN>
  <TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
  <TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
  <TIER_NODE oa_var="s_isConc">YES</TIER_NODE>
  <TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
  <TIER_NODEDEV oa_var="s_isConcDev">YES</TIER_NODEDEV>
  <TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
  Are we missing anything....
  Thanks & Regards

  Hi,
  Finally it's resolved...Following is the solution thought to share in the forum:
  The configuration of the E-Business Suite environment for DMZ requires profile options hierarchy type to be set
  to SERVRESP.
  To change the profile options hierarchy type values to SERVRESP, execute the following SQL script as
  shown below:
  sqlplus / @/patch/115/sql/txkChangeProfH.sql SERVRESP
  After successfully completing the above sql script, run Autoconfig in all nodes to complete the profile options configuration.
  It's resolved after doing this..

• My iPod is playing internal and external sound at the same time when my headphones are connected

  Hi, I have an iPod nano, 16 GB, 5th gen, that I've had for almost five years. It has never given me any problems before, but today when I plugged in my headphones the sound played not only inside the headphones but through the iPod's external speaker. When I turn the volume up or down only the external sound goes up or down, the headphones still play music at the same volume. I tried connecting the iPod to other headphones, and inserted and removed the headphone jack from the iPod about 20 times, the only thing I haven't tried is restoring because I don't know if that would make any difference and I would like to avoid restoring if I can. Thank you for your time.

  Thank you for the suggestion, but it didn't work.

• Delivery report shows status of Pending for external address. Email sent to both internal and external addresses.

  We have an Exchange 2013 on-premise server and seem to have an issue with emails sent to internal and external users at the same time.
  The issue came to light because someone sent an email to 44 recipients, of which one was internal. None of the external recipients received the email. I checked the delivery report in the EAC and found the internal email marked as 'Delivered' and all of
  the external ones marked as 'Pending'. I checked the queues and there were none. I did some testing and sent an email to just one of the external addresses on the list, it arrived. I tried sending the email again to all of the recipients, the external ones
  all showed 'Pending'. I tried it again, but this time excluded the internal email address and all of the 43 external emails were immediately delivered.
  So it seems that the issue only arises when we are sending to both internal and external addresses.
  I then tried a test email to one internal address and one external address. The Delivery report says that the internal address was delivered immediately, while the external address is 'Pending' and gives more information saying: 'Message delivery is taking
  longer than expected. There may be system delays. For more information, contact your helpdesk.'. To add further mystery to this, the email was actually delivered.
  So, I have two concerns:
  First is seems that some emails sent both internally and externally are only arriving internally. This is a huge problem because I don't know how many have been affected. There may be many lost emails we don't know about.
  Second, it looks like I can't trust the delivery report. It says pending for some emails which didn't arrive, but it also says pending for some which did arrive. That is no good at all.
  For info the server is running Windows Server 2012. I have run a Microsoft Update to check if there are any to apply and the only Exchange one is a spam filter update, which I doubt has any bearing but I will apply when I get chance.

  Hi Neil,
  According to the description, I find a related KB on Exchange 2010:
  https://support.microsoft.com/kb/2694474?wa=wsignin1.0
  It has the similar situation as yours.
  This issue occurs because a function in a message tracking component tries to obtain the information for the recipient instead of the external recipient.
  Please try to upgrade to the latest Exchange update to check whether this issue can be solved.
  Also please check whether Throttling has been set.
  Please run "Get-TransportService | fl" to check the MaxOutboundConnections parameter value.
  More details to see:
  Message throttling 
  http://technet.microsoft.com/en-us/library/bb232205(v=exchg.150).aspx
  Thanks
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• Internal and External Encryption

  Hi,
  I'm currently struggling at some probably basic encryption question. I hope someone can give me a hint...
  I've got a customer migrating from Notes to Exchange 2013.
  They are running a PGP gateway which takes care of external encryption.
  In Notes they used to user-enforce encryption (PGP or S/MIME) by a button or adding "#" in the beginning of the subject field.
  As the Notes guy told me, they are manipulating the Mail header so the original un-encrypted mail is delivered to the encryption gateway for external encryption if the mail is addressed to internal and external recipients. Internally it is encrypted by Notes
  itself.
  My question is, how can I achieve something similar with exchange and such a gateway? Is there a way to encrypt mails internally by utilizing
  an internal Server 2008 PKI and externally by the encryption gateway (while addressing the mail to internal and external recipients at the same time)?
  Thanks!

  Hi Pano,
  Unfortunately you cannot have all of these under one solution. There is no All in One feature at least that I know of.
  However if you want your users to be able to read encrypted data when they are not in the corporate network AD RMS can still help you with this. If what you wanted to encrypt emails that are sent to external organisations you can either establish coexistence
  by implementing TUDs and TPDs or use S/MIME for those. I doubt that company sensitive data would be sent out to external parties hence AD RMS might still help.
  If S/MIME is used bear in mind that these messages cannot be decrypted during e-discovery searches however AD RMS protected messages can be. AD RMS provides protection to the document and can be incorporated with Exchange Transport Rules.
  Cheers
  CK

• DNS Forwarding Same Internal and External Zone

  Hi,<o:p></o:p>
  So we have decided that we want our internal domain to be the same as our external domain e.g. domain.uk. I understand that split DNS can be used
  to fulfil this requirement but is it possible to set up a forward so if the DNS entry is not available in the internal zone it will forward onto one of our external name servers where it can resolve?<o:p></o:p>
  We are basically trying to avoid having to add the entry on both external and internal DNS servers for it to resolve. So far I have added the external name servers to
  the forwarders and disabled root hints which didn’t work. I’ve tried to add a conditional forwarder but it says the zone already exists. It seems the only to achieve the internal resolution is by creating the DNS entry both internally and externally.<o:p></o:p>
  Does anyone know if this is the case? It seems strange that you couldn’t point the DNS to another external name server for resolution? <o:p></o:p>
  Any help would be appreciated.<o:p></o:p>

  You must ask in networking forum
  https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverNIS&filter=alltypes&sort=lastpostdesc

• Internal and External Portals be hosted & Configured on Same Portal server?

  Hi Experts,
  Is it possible to host and configure the Internal portal and External Portal on the same portal server?
  If yes, kindly provide the inputs.
  We have a scenario wherein we have to use the same portal server for both kinds of users (Internal as well as External).
  We want to provide separate URLs for both the portals and the datasource for the users management would be different for both the scenarios.
  The user managemnet in case of Internal Portal has to be authenticated to an AD server whereas in case of External Portal the user management would be taken care by UME.
  Please suggest and share some docs if possible.
  Thanks & Regards,
  Anurag

  Hi,
  Can we customise the Portal logon page for both the portals differently?
  I've already customised the portal logon page by modifying the UME properties in the Config Tool but that was done keeping in mind the External Portal users. Now, we want to customise the page for Intranet users but with different options at the logon page.
  How can we achieve this functionality as any property that we modify in either VA or Config Tool will affect both types of portal pages.
  For an eg. we have a Self Registration link for the external users which we do not want for the Intranet users. How is this possible?
  If we design a webdynpro java application for the logon page and for authentication purpose, can we call a home page iview on successful authentication?
  And with this customised webdynpro java application, can we connect to the AD server for the user authentication?
  Best Regards,
  Anurag

• Use Same URL for Internal and External Access for CRM 2015 IFD

  I have setup a CRM2015 server for IFD access.
  ADFS and CRM are on separate servers.
  CRM server all roles
  ADFS 2.0 server.
  Using the internal URL I am able to access CRM without entering my details (as expected)
  Using the external URL I am authenticated by ADFS as expected and can sign in.
  We have an internal domain domain.local
  We have an external domain domain.com (the certificate is for *.domain.com)
  We have a DNS zone created internally for domain.com.
  CRM URLs
  internal : internalcrm.domain.com
  External : externalcrm.domain.com
  I would like all users to use the same link regardless of them being internal or external, but I would like so that any user who is on the domain is automatically logged in without entering their username and
  password. What is the best way to do this?
  I have tried creating a cname record on the internal domain.com zone pointing externalcrm.domain.com to internalcrm.domain.com but that didn't work, I still get the ADFS sign in page.
  Thanks

  So fair warning, what you're asking for isn't really a supported deployment method of CRM.
  That said, you should be able to do some DNS trickery internal to your network that points your "crm.domain.com" to "crm.domain.local" and then hopefully CRM will treat the connection as if it came from an internal network.
  Otherwise, you're likely going to have to accept that everyone gets the ADFS login page internal and external to your network.
  The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

• Exchange 2013 DNS for internal and external domain

  Hi All,
  I have been assigned a task to implement Microsoft Exchange Server 2013. I need some help in setting up DNS namespaces and design a strategy to have same internal and external names. Let me share some details here.
  We have an Active Directory domain myinternaldomain.net, and we have a public domain
  mypublicdomain.com and we have setup email policy to have
  mypublicdomain.com as the SMTP domain for all the users. We have created another DNS zone in Active directory integrated DNS and created a records for
  mail.mypublicdomain.com and autodiscover.mypublicdomain.com which will point to CAS NLB IP. We have 2 CAS servers and 2 MBX servers, we have configured DAG for MBX High availability and planning to implement WNLB for CAS as
  hardware LB is out of scope due to budget constrains.
  We want to have same URLs for OWA, Autodiscover, ECP and other services from internal network as well as from public network. Users should not be bothered to remember two URLs, using one from internal and other from public networks. I also want to confirm
  that with this setup in place do i need to have myinternaldomain.net and server names in SAN certificate?
  Thanks

  Hi Sccmnb,
  You can easily achieve this using split DNS.
  Internal DNS hostname "mail.mypublicdomain.com" will be pointing to your internal CAS NLB IP and the external public DNS hostname"mail.mypublicdomain.com" will be pointing to the Network device or
  Reverse proxy server IP.
  Depending upon users access location(internal\external) the IPs would vary and they should be able to access the website with same name.
  The names that you would require on the certificate(Use EAC or powershell to raise the request) for client connectivity would be
  SN= mail.mypublicdomain.com
  SAN= autodiscover.mypublicdomain.com
  You don't need to have the active directory domain name present in the certificate.
  Additional  to this you need to update the AutodiscoverURI for all servers and OWA,ECP,Autodiscover Virtual Directories InternalURL and ExternalURL fields with appropiate public names.
  Some additional Info:
  *Internal vs. External Namespaces
  Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain DNS infrastructure enables different IP addresses to be returned for a given namespace
  based on where the client resides – if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the IP address of the external gateway/firewall is returned.
  This approach simplifies the end-user experience – users only have to know a single namespace (e.g., mail.contoso.com) to access their data, regardless of where they are connecting. A split-brain DNS infrastructure, also simplifies the configuration of Client
  Access server virtual directories, as the InternalURL and ExternalURL values within the environment can be the same value.
  *Managing Certificates in Exchange Server 2013 (Part 2)
  *Nice step by step article
  Designing a simple namespace for Exchange 2013
  Regards,
  Satyajit
  Please“Vote As Helpful”
  if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• SharePoint 2013 - Office Web Apps - Internal and External Use

  I have successfully installed SharePoint 2013 and Office Web Apps on Azure VMs inside an Azure Virtual Network (IaaS model). Everyting is working well. However, my testing has shown that external users and internal users can't use Office Web Apps at the
  same time.
  Office Web Apps, installed on its own vm, accomodates an external and internal URL quite well. However, SharePoint 2013 appears to only allow one setting for WOPI Zone, either internal or external but not both. I've set the WOPI zone to Internal-HTTPS (Set-SPWOPIZone
  –Zone “internal-https”). OWA works just fine if accessed from inside the Azure Virtual Network. However, if I try to access from outside the Virtual Network, from the Internet, Office Web Apps fails. The exact oppisite is also true. I can set WOPI Zone to
  External-HTTPS and accessing from the Internet works fine, but accessing inside the Virtual Network fails.
  Am I missing something? I, obviously, want Office Webs Apps to function properly for both internal and external users simultaneously.
  I appreciate any help anyone can provide here.
  Glenn

  Hi Glenn,
  To have both the use of Internet and Internal available to your end-users, you first need to configure AAM setting. Open Central Administration > Application Management > Configure alternate access mappings. Let's say there is an existing web application
  named http://sharepoint and my end-users from local network are able to access it using the URL http://sharepoint (root site collection). Here you need to add the Internet URL by select the web application and click Edit Public URLs. Add the Internet domain
  to the web application, e.g http://sharepoint.abc.com. You don't necessarily have to edit binding setting in IIS. Before continuing next steps, make sure you are able to access http://sharepoint.abc.com from the Internet while being able to access http://sharepoint
  from local network (aka Internal).
  On the machine where Office Web App (OWA) Server 2013 is installed, open PowerShell to add OWA module and use the following command to re-create a new OWA server farm if you've completed configuring it previously.
  New-OfficeWebAppsFarm -InternalUrl "http://owa" -ExternalUrl "http://owa.abc.com" -EditingEnabled.
  In this case, I'm not using SSL certificate to encrypt data over the Internet. You can use Internet-public IP of the OWA server like -ExternalUrl "http://198.xxx.xxx.xx". Add CertifcateName parameter if you want to use whether CA-issued certificate
  or self-signed certificate.
  On your SharePoint machine, you need to re-bind all WFE machines to WAC farm using the cmdlet New-SPWOPIBinding. Next, you need to set the WOPI zone for both internal and external.
  Set-SPWOPIZone -zone "external-http"
  Note: I'm not all using certificate in my guidance. But the steps to have it configured is just to add more parameter. 
  I've recently successfully deployed OWA multi-server farm for both internal and internet uses for two big clients. In real-world scenario, ideally OWA should be published through firewall (Forefront UAG, TMG, F5...etc). Please let me know if you still have
  issues after following my steps. My email: [email protected]
  Regards,
  -T.s
  Thuan Soldier
  A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
  SharePoint Vietnam |
  Blog | Twitter

• How to configure AD on windows 2012 server for Exchange 2013 internal and external email flow

  Dear Experts,
  I have to configure exchange 2013 on Windows server 2012 STD. Company has registered Static IP addresses and can get the MX record pointing to any of this Static IP.  
  The registered domain name is e.g.  contoso.com. 
  a. What should I use as domain name on AD? contoso.com or contoso.local
  b. Is it recommended to have two different servers  for AD and Exchange?
  c. What should be my connector settings for mail flow?
  d. how can I set 2 email servers in company for load balancing?

  Hi,
  a, I suggest use contoso.com as domain name. It is convenient to add urls into our certificate for internal and external mail flow.
  b, Recommended that installing AD
  and Exchange Server on two separate
  Servers. If Exchange Server downed unfortunately, it can prevent AD server from crushing at the same time.
  c, Found some articles for your reference:
  Configure Mail Flow and Client Access
  http://technet.microsoft.com/en-us/library/jj218640(v=exchg.150).aspx
  Configuring Outbound Mail Flow in Exchange Server 2013
  http://exchangeserverpro.com/configuring-outbound-mail-flow-in-exchange-server-2013/
  d, Load Balancing
  http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Cisco ISE with both internal and External RADIUS Server

  Hi
  I have ISE 1.2 , I configured it as management monitor and PSN and it work fine
  I would like to know if I can integrate an external radius server and work with both internal and External RADIUS Server simultanously
  So some computer (groupe_A in active directory ) will continu to made radius authentication on the ISE internal radius and other computer (groupe_B in active directory) will made radius authentication on an external radius server
  I will like to know if it is possible to configure it and how I can do it ?
  Thanks in advance for your help
  Regards
  Blaise

  Cisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
  Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
  The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same.

• Setup internal and external DNS namespaces best practice

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly
  or companydomain.com then create a subdomain corp?
  Thanks in advanced.
  William Lee
  Honf Kong

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local)
  able to run on the same DNS server (using Microsoft Windows DNS servers)?
  Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com
  if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
  What is recommended is to avoid having a split-DNS setup (You internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
  My own recommendation is to use .local for internal zone and .com for external one.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Internal and External different set of menu for ESS

  Hi
  We have 2 portal server - Internal and External. The Portal are being used not.
  We are planning to implement ESS now in Portal. We are planning to provide two different set of options when the same user access internally and externally.
  For example, User XYZ access internally he will get menus ABCDE but the same user access from external he only gets manu AB.
  If anyone has implemented with similar concepts or know how to do it technically, kindly advice.
  Thanks
  Yuva

  Let us assume we have 3 internal groups :
  internalGroup_1 -> Role A, Role B
  internalGroup_2 -> Role C, Role D,
  internalGroup_3 -> Role E,
  and 2 external group :
  externalGroup_1 -> Role A,
  externalGroup_2 -> Role B,
  We add similar user under a group. and then roles are assigned to groups. in above example Role A , Role B is assigned to internalGroup_1.
  We can have a single user id in which is attached to interalGroup_1, interalGroup_2, interalGroup_3 , externalGroup_1and interalGroup_2.
  When user logon to Internal portal he will see role A, B,C,D and E
  and when user logon to internal  poral he will see role A,B.
  provided A,B,C,D,E roles should exist in internal protal and role A,B exist in External portal. You can use transport roles from external portal to internal portal.