Internal and External Portals be hosted & Configured on Same Portal server?
Hi Experts,
Is it possible to host and configure the Internal portal and External Portal on the same portal server?
If yes, kindly provide the inputs.
We have a scenario wherein we have to use the same portal server for both kinds of users (Internal as well as External).
We want to provide separate URLs for both the portals and the datasource for the users management would be different for both the scenarios.
The user managemnet in case of Internal Portal has to be authenticated to an AD server whereas in case of External Portal the user management would be taken care by UME.
Please suggest and share some docs if possible.
Thanks & Regards,
Anurag
Hi,
Can we customise the Portal logon page for both the portals differently?
I've already customised the portal logon page by modifying the UME properties in the Config Tool but that was done keeping in mind the External Portal users. Now, we want to customise the page for Intranet users but with different options at the logon page.
How can we achieve this functionality as any property that we modify in either VA or Config Tool will affect both types of portal pages.
For an eg. we have a Self Registration link for the external users which we do not want for the Intranet users. How is this possible?
If we design a webdynpro java application for the logon page and for authentication purpose, can we call a home page iview on successful authentication?
And with this customised webdynpro java application, can we connect to the AD server for the user authentication?
Best Regards,
Anurag
Similar Messages
-
SiteMinder integration with the internal and external facing portals
Hi ,
We are in development phase for SiteMinder integration with the internal and external facing portals.The proposed dual authentication scheme which requires both SiteMinder for External facing portal (EFP) and LDAP for Internal portal .is it possible?
and is it possible to main to diff LDAP directories one is external users and one is for internal users.?
If you maintain 2 diff(external & internal) LDAP Directories in Siteminder Policy Server what about external users which are not exit in portal data source .
I appreciate if anyone can help me for my above query .
Regards
TagHey Tag,
We do have a physical external Portal and a physical internal portal. The both the external and internal are connected to 2 LDAP directories.
For example the External Portal is connected to the Employee LDAP Direcotry and the Customer LDAP Directory. The Internal Portal is connected to the US Employee LDAP Direcotry and the EMEA LDAP Directory.
So each one of them is connected to 2 different LDAP Directories.
I believe that the Siteminder Policy is setup such that the Internal portal has a policy and the External portal has a seperate policy on the same Siteminder Server. Then each of the Policies is configured to connect to the approiate LDAP Directories.
You have to maintain the LDAP Directory information in both the portal and Siteminder Policy Server. It is required in the policy server so that it can authenticate the user and it is required in the Portal server so that it can authorize the user and display content based on thier assigned roles.
Hope that helps.
Regards,
Keith -
How to configure AD on windows 2012 server for Exchange 2013 internal and external email flow
Dear Experts,
I have to configure exchange 2013 on Windows server 2012 STD. Company has registered Static IP addresses and can get the MX record pointing to any of this Static IP.
The registered domain name is e.g. contoso.com.
a. What should I use as domain name on AD? contoso.com or contoso.local
b. Is it recommended to have two different servers for AD and Exchange?
c. What should be my connector settings for mail flow?
d. how can I set 2 email servers in company for load balancing?Hi,
a, I suggest use contoso.com as domain name. It is convenient to add urls into our certificate for internal and external mail flow.
b, Recommended that installing AD
and Exchange Server on two separate
Servers. If Exchange Server downed unfortunately, it can prevent AD server from crushing at the same time.
c, Found some articles for your reference:
Configure Mail Flow and Client Access
http://technet.microsoft.com/en-us/library/jj218640(v=exchg.150).aspx
Configuring Outbound Mail Flow in Exchange Server 2013
http://exchangeserverpro.com/configuring-outbound-mail-flow-in-exchange-server-2013/
d, Load Balancing
http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
Hope it is helpful
Thanks
Mavis
Mavis Huang
TechNet Community Support -
How to Setup RDS custom property when internal and external domain name space is different
Hi All
I am setting up RDS for customer
My internal domain name is domain.local and my external domain is domain.com
I came across below PowerShell cmdlets on some blogs because my internal and external name space are different
Set-RDSessionCollectionConfiguration –CollectionName QuickSessionCollection -CustomRdpProperty “use redirection server name:i:1 `n alternate full address:s:remote.domain.com”
In above command, remote.domain.com points to which host?
Is it pointing to RD Session Broker
OR
Pointing to RD Session Host servers
I am not sure what above command will do exactly ?
Any help will be highly appreciated
Thanks Best Regards MaheshHi,
It all depends who is accessing the RDS Solution.
If you have a large BYOD or large number of external users, it would be better to use a public certificate.
Have a look at the following script which will simplyfy the configuration of the RDSH hosts with certificates.
http://ryanmangansitblog.com/2014/05/20/rds-2012-rdsh-certificate-deployment-script/
You can use a custom RDP property to hide the Session host names.
Have a look at the following article on configuring certificates:
http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
Ryan Mangan | Ryanmangansitblog.wordpress.com | Help keep the forums tidy, if this has helped please mark it as an answer -
SharePoint 2013 - Office Web Apps - Internal and External Use
I have successfully installed SharePoint 2013 and Office Web Apps on Azure VMs inside an Azure Virtual Network (IaaS model). Everyting is working well. However, my testing has shown that external users and internal users can't use Office Web Apps at the
same time.
Office Web Apps, installed on its own vm, accomodates an external and internal URL quite well. However, SharePoint 2013 appears to only allow one setting for WOPI Zone, either internal or external but not both. I've set the WOPI zone to Internal-HTTPS (Set-SPWOPIZone
–Zone “internal-https”). OWA works just fine if accessed from inside the Azure Virtual Network. However, if I try to access from outside the Virtual Network, from the Internet, Office Web Apps fails. The exact oppisite is also true. I can set WOPI Zone to
External-HTTPS and accessing from the Internet works fine, but accessing inside the Virtual Network fails.
Am I missing something? I, obviously, want Office Webs Apps to function properly for both internal and external users simultaneously.
I appreciate any help anyone can provide here.
GlennHi Glenn,
To have both the use of Internet and Internal available to your end-users, you first need to configure AAM setting. Open Central Administration > Application Management > Configure alternate access mappings. Let's say there is an existing web application
named http://sharepoint and my end-users from local network are able to access it using the URL http://sharepoint (root site collection). Here you need to add the Internet URL by select the web application and click Edit Public URLs. Add the Internet domain
to the web application, e.g http://sharepoint.abc.com. You don't necessarily have to edit binding setting in IIS. Before continuing next steps, make sure you are able to access http://sharepoint.abc.com from the Internet while being able to access http://sharepoint
from local network (aka Internal).
On the machine where Office Web App (OWA) Server 2013 is installed, open PowerShell to add OWA module and use the following command to re-create a new OWA server farm if you've completed configuring it previously.
New-OfficeWebAppsFarm -InternalUrl "http://owa" -ExternalUrl "http://owa.abc.com" -EditingEnabled.
In this case, I'm not using SSL certificate to encrypt data over the Internet. You can use Internet-public IP of the OWA server like -ExternalUrl "http://198.xxx.xxx.xx". Add CertifcateName parameter if you want to use whether CA-issued certificate
or self-signed certificate.
On your SharePoint machine, you need to re-bind all WFE machines to WAC farm using the cmdlet New-SPWOPIBinding. Next, you need to set the WOPI zone for both internal and external.
Set-SPWOPIZone -zone "external-http"
Note: I'm not all using certificate in my guidance. But the steps to have it configured is just to add more parameter.
I've recently successfully deployed OWA multi-server farm for both internal and internet uses for two big clients. In real-world scenario, ideally OWA should be published through firewall (Forefront UAG, TMG, F5...etc). Please let me know if you still have
issues after following my steps. My email: [email protected]
Regards,
-T.s
Thuan Soldier
A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
SharePoint Vietnam |
Blog | Twitter -
Cisco ISE with both internal and External RADIUS Server
Hi
I have ISE 1.2 , I configured it as management monitor and PSN and it work fine
I would like to know if I can integrate an external radius server and work with both internal and External RADIUS Server simultanously
So some computer (groupe_A in active directory ) will continu to made radius authentication on the ISE internal radius and other computer (groupe_B in active directory) will made radius authentication on an external radius server
I will like to know if it is possible to configure it and how I can do it ?
Thanks in advance for your help
Regards
BlaiseCisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same. -
Unable to activate internal and external urls at the same time
Hi,
We have Configured EBS R12 in DMZ setup as described in Figure F-9 of metalink note 380490.1 ,Option 2.4: Using Reverse Proxy with no External Web Tier.
refering to 726953.1 Case History: Implementing a Reverse Proxy Alone in the DMZ Configuration - R12.
but Not able to activate internal and external urls at the same time in this configuration. Only the node where last autoconfig was run getting activated as web node.
When trying to accees the url of the other node it gets redirected to the url (where autoconfig is last run).and for this error observed is Error Code:502 Proxy Error.The specified Secure Sockets Layer (SSL) port is not allowed.(12204).
For both external and internal services are UP.opmn status is live no error.
Using Apache as reverse proxy.
EXTERNAL Reverse proxy settings:
s_login_page http://LONWEB01.process.com:81/OA_HTML/AppsLogin
<TIER_DB oa_var="s_isDB">NO</TIER_DB>
<TIER_ADMIN oa_var="s_isAdmin">NO</TIER_ADMIN>
<TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
<TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
<TIER_NODE oa_var="s_isConc">NO</TIER_NODE>
<TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
<TIER_NODEDEV oa_var="s_isConcDev">NO</TIER_NODEDEV>
<TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
INTERNAL Middle Tier settings:
s_login_page http://stprojapp01.test.com:8005/OA_HTML/AppsLogin
<TIER_DB oa_var="s_isDB">NO</TIER_DB>
<TIER_ADMIN oa_var="s_isAdmin">YES</TIER_ADMIN>
<TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
<TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
<TIER_NODE oa_var="s_isConc">YES</TIER_NODE>
<TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
<TIER_NODEDEV oa_var="s_isConcDev">YES</TIER_NODEDEV>
<TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
Are we missing anything....
Thanks & RegardsHi,
Finally it's resolved...Following is the solution thought to share in the forum:
The configuration of the E-Business Suite environment for DMZ requires profile options hierarchy type to be set
to SERVRESP.
To change the profile options hierarchy type values to SERVRESP, execute the following SQL script as
shown below:
sqlplus / @/patch/115/sql/txkChangeProfH.sql SERVRESP
After successfully completing the above sql script, run Autoconfig in all nodes to complete the profile options configuration.
It's resolved after doing this.. -
Internal and External different set of menu for ESS
Hi
We have 2 portal server - Internal and External. The Portal are being used not.
We are planning to implement ESS now in Portal. We are planning to provide two different set of options when the same user access internally and externally.
For example, User XYZ access internally he will get menus ABCDE but the same user access from external he only gets manu AB.
If anyone has implemented with similar concepts or know how to do it technically, kindly advice.
Thanks
YuvaLet us assume we have 3 internal groups :
internalGroup_1 -> Role A, Role B
internalGroup_2 -> Role C, Role D,
internalGroup_3 -> Role E,
and 2 external group :
externalGroup_1 -> Role A,
externalGroup_2 -> Role B,
We add similar user under a group. and then roles are assigned to groups. in above example Role A , Role B is assigned to internalGroup_1.
We can have a single user id in which is attached to interalGroup_1, interalGroup_2, interalGroup_3 , externalGroup_1and interalGroup_2.
When user logon to Internal portal he will see role A, B,C,D and E
and when user logon to internal poral he will see role A,B.
provided A,B,C,D,E roles should exist in internal protal and role A,B exist in External portal. You can use transport roles from external portal to internal portal. -
Internal and External Reconciliations
I am looking to find out what the differences are with Internal and External Reconciliations.
I am not sure if I need to use Internal or External when doing Manual Reconciliations in banking.
Thanks!
DaynaI am trying to figure out how to use the bank reconciliation process. I keep seeing reference to an "expert sesion" and a link to it. However I get an Access Denied message when I try the link.
Help. ? If this "expert session" is on the Partner Portal, how are we lowly Customer to get it?
"External reconciliation is used for bank reconciliation , however when you go in detail , you have to use internal reconciliation for Business partner and Vendor .
https://websmp206.sap-ag.de/~sapidb/011000358700000050892007E
Review this expert session ,bank statement processing in CA... -
Internal and external switches on server 2012 r2
this is driving me nuts.
I have a vm with an internal and external switch.
I am trying to get backups to route to the host machine using the internal switch only.
I've gone all over priorities and the routes are all fine but the data will constantly go over the external switch.
If i disable external switch traffic goes over internal switch just fine.
I've read about the automatic detection of least cost routing on the internal switch but just can not get it to run correctly.
please help
DougAll settings below.
backup traffic should run from 192.168.200.4 > 192.168.200.2 over internal NIC
VM Settings
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #3
Physical Address. . . . . . . . . : 00-15-5D-37-0E-04
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.200.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-37-0E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.100.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.3
NetBIOS over Tcpip. . . . . . . . : Enabled
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.4 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.100.0 255.255.255.0 On-link 192.168.100.4 261
192.168.100.4 255.255.255.255 On-link 192.168.100.4 261
192.168.100.255 255.255.255.255 On-link 192.168.100.4 261
192.168.200.0 255.255.255.240 On-link 192.168.200.4 276
192.168.200.4 255.255.255.255 On-link 192.168.200.4 276
192.168.200.15 255.255.255.255 On-link 192.168.200.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.100.4 261
224.0.0.0 240.0.0.0 On-link 192.168.200.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.100.4 261
255.255.255.255 255.255.255.255 On-link 192.168.200.4 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.100.1 Default
===========================================================================
HOST Settings
Ethernet adapter vEthernet (Internal-NIC):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-15-5D-37-0E-02
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::744b:bbc1:e067:5592%48(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.200.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 805311837
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-79-97-A0-D3-C1-05-24-BF
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet Host:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Ethernet 1Gb 4-port 331FLR Adapter #4
Physical Address. . . . . . . . . : A0-D3-C1-05-24-BF
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3412:1255:61dc:3e3c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.100.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DHCPv6 IAID . . . . . . . . . . . : 211866561
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-79-97-A0-D3-C1-05-24-BF
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet Host:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Ethernet 1Gb 4-port 331FLR Adapter #4
Physical Address. . . . . . . . . : A0-D3-C1-05-24-BF
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3412:1255:61dc:3e3c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.100.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DHCPv6 IAID . . . . . . . . . . . : 211866561
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-79-97-A0-D3-C1-05-24-BF
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.45.46 276
169.254.45.46 255.255.255.255 On-link 169.254.45.46 276
169.254.255.255 255.255.255.255 On-link 169.254.45.46 276
192.168.100.0 255.255.255.0 On-link 192.168.100.2 276
192.168.100.2 255.255.255.255 On-link 192.168.100.2 276
192.168.100.255 255.255.255.255 On-link 192.168.100.2 276
192.168.200.0 255.255.255.240 On-link 192.168.200.2 261
192.168.200.2 255.255.255.255 On-link 192.168.200.2 261
192.168.200.15 255.255.255.255 On-link 192.168.200.2 261
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.45.46 276
224.0.0.0 240.0.0.0 On-link 192.168.100.2 276
224.0.0.0 240.0.0.0 On-link 192.168.200.2 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.45.46 276
255.255.255.255 255.255.255.255 On-link 192.168.100.2 276
255.255.255.255 255.255.255.255 On-link 192.168.200.2 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.100.1 Default
Doug Hardy -
ILife with both internal and external hard drives?
I've been considering switching from a homebrew, multi-boot desktop to a MacBook for my primary computer, in part so I can hang out with my family in the living room rather than be exiled to the home office when I want to compute.
But here's my concern: I have media. We have about 50 GB of iTunes; maybe 30 GB of iPhoto; and tons and tons of digital video that would be stored in iMovie. Obviously the libraries are all interlinked. And it's all growing. I also like to rip DVDs and re-encode them for my iPod and AppleTV. Right now, my desktop has 480 GB of internal storage and that's just about enough.
I have discovered that the MacBook only comes with an option up to 250 GB. I absolutely need AppleCare, so I can't get an aftermarket hard drive. (All my Macs break - this one from the office that I'm on right now has a bum DVD drive, and my wife's has needed both fan and logic board replacements.)
While I'm aware of the existence of external hard drives, I'm concerned about Apple's non-external-hard-drive-friendly way of storing iLife data. If I wanted to keep more recent or useful music and photos on the internal drive but older stuff on an external, and still be able to use iLife seamlessly, would that be possible? (I see myself editing recent video in the living room, but then hooking back into the external HD in the office if I need older stuff.)
What solutions are out there for integrating data stores on both internal and external hard drives into an iLifestyle?
Thanks!Sascha Segan1 wrote:
.. What solutions are out there for integrating data stores on both internal and external hard drives into an iLifestyle?
all iApps (iPhoto, iTunes, iM08) support usage of external drives as 'mass storage' devices.. you can tell all apps which drive to use for the Libraries.. there some tools out there, which even allow the usage of 2/many different Libraries in iTunes/iPhoto..
for iM in detail: the Projects are small files, and should stay internal (allthough I'm discribing a 'hack' on my site: http://karsten.schluter.googlepages.com/im08tricks Project Library (and Events) on External Harddrive); the Events (=GBs) could be located on as much ext. HDDs as you want..
but ...
all iApps are single-user .. you can NOT 'share' Libraries to 2/many different users; the idea of a 'media server' which hosts/shares all kind of data to all kind of users is not 'on concept' of iLife .. -
WLC Internal and External DHCP
I am currently using the Internal DHCP component within my 5508 Controller with software version 7.0.166.0. This seems to be working fine as the Vlan Routed interface connected to it via the Dynamic Trunk Port is functioning as l have the ip-helper command setup on this specific vlan interface..
My issue now is that we have a isolated ADSL Network which is configured off our Core 6513 but just as a Layer 2 Vlan so no traffic can be routed to other vlans.
With our new WIFI environment which consists of the 5508 Controller and numerous 3502 AP's we wont to utilize this ADSL vlan with our new WIFI environment.. This ADSL Vlan has a dedicated Linksys Router which is currently running DHCP and assigning addresses to clients at the moment..
What l want to do is configure the 5508 controller to use this ADSL vlan aswell but to also keep using the Linksys Router aswell for DHCP..
I have setup a new dynamic interface and added the ADSL Vlan ID to the Trunk port of the 5508 and also setup its own SSID. But for some reason l cannot get both the internal and External DHCP servers to work at the same time ? If l enable DHCP Proxy option on the 5508 the internal DHCP server works and when l disable DHCP Proxy the ADSL Vlan DHCP works through the 5508 but not the internal DHCP Server ??
Can l get both the internal and external DHCP servers to work in harmony or should l be focusing on using one method over the other ?Hey Scott l have just tried configuring another scope for the L2 Vlan but it doesn't seem to be working when l add the ip address of the management interface which is the internal DHCP Server to the dynamic interface of this adsl network l have setup l dont seem to get a ip address within this scope ?
I am just wandering seeing it is just a L2 vlan without a routed interface would this be the problem and would need to set this up with the "ip helper-address" of the management interface ?
Cheers SG -
Internal and external facing applicaitons on same infrastructure
I'm looking for suggestions on the best way to architect an apex production environment where you may have two or three apps open to the public and 10 or more for internal access only. All of the apps (regardless of public or private) are running on the same APEX instance, DB, app tier and web tier.
We are using the APEX Listener on Weblogic for the app tier with an OHS webserver and Load Balancer in front of everything.
The Load Balancer houses all of our certificates and has the ability to perform iRules to make more friendly urls.
Our approach is to assign each app (ie https://someurl.com/apex/f?p=APPID) a static IP from the load balancer and then firewall public/private based on APPID to prevent internal only apps from being reached outside the network.
Unfortunately the iRule friendly url rewrite isn't able to mask the APPID from the URL (https://someurl.com/apex/f?p=200) which currently allows anyone the ability to change the APPID parameter of the URL and cycle through all the apps regardless of the firewall rule in place to prevent it from being publicly accessible.
For example, if we have the following apps deployed and the only one which is allowed open to the internet is app 100, the url rewrite isn't able to mask APPID of 100 (or the APP Alias if used).
Publicly accessible:
https://someurl.com/apex/f?p=100 (192.168.25.100)
Internal only access:
https://somedifferenturl.com/apex/f?p=200 (192.168.25.200)
https://anotherurl.com/apex/f?p=250 (192.168.25.250)
https://subdomain.someurl.com/apex/f?p=300 (192.168.25.300)
I could navigate to the publicly accessible url https://someurl.com/apex/f?p=100 and change the APPID for one of (200,250,300) and still access those apps which should not be open to the internet.
from the internet browsing directly to https://somedifferenturl.com/apex/f?p=200 or https://anotherurl.com/apex/f?p=250 or https://subdomain.someurl.com/apex/f?p=300 would all result in a page not found error since their ip's are not accessible directly from the internet.
What is the best practice to overcome the above scenario and utilize shared infrastructure for internal and external facing applications? Is mod_rewrite my only other option to accomplish this setup and bypass the load balancer?Hi Jeff,
I'm not sure if this is the ideal recommendation, but I know of a way you could block the "internal-only" applications from being accessed externally.
1) Create a function which inspects the CGI environment variables, e.g., HTTP_HOST, HTTP_PORT, etc. Using this information, you determine if the request is emanating from an internal server name or an external server name.
2) Create an authorization scheme which returns FALSE if the host/port/other CGI isn't what you expect.
3) Apply this authorization scheme to every application you wish to keep from an external site.
I know this isn't ideal, as you have to add this to every "internal-only" application. And if you forget an application, then this application suddenly becomes available on the Internet. But it's one way. If all of the applications are in the same workspace, you could define this authorization scheme in one application and subscribe to it from the other applications.
Joel
P.S. From SQL Commands, you can see all of the CGI environment variables at your disposal using:
begin
owa_util.print_cgi_env;
end; -
Best practises regarding Internal and External access to SIM
Currently we have two separate Active Directories one internal and one in the DMZ and plan to have one SIM on an segmented network allowing access for our internal users directly to SIM UI and external users thru portlets that talks to SIM.
The external AD hosts some internal users that also needs access to the DMZ applications so we can save efforts in managing to separate SIM environments in development, tests, upgrades, unique UID etc...
What are the best practices on the market is this a preferred choice with only one SIM or with one SIM internally and one SIM in DMZ hosting suppliers, customers etc?
With a single SIM environment are you allowing internal users accessing SIM from Internet to change internal AD password or have you restricted the functionality in some way for internal users accessing SIM from internet?
How about challenge response questions are you allowing users to have the same both internally and externally or setup different for different user interfaces?
Anyone willing to share how your environment is setup for internal and external access?Yes for handling the access to the SIM we probably need to look into some kind of access management solution to get it to work in a secure way.
The question is a bit complex with many different factors controlling the outcome of the SIM implementation, but I hope to get some idées with this thread of how we can solve it.
The question still remains if its common to have one or to SIM's and what internal users is allowed to do in SIM from Internet.
Ex are internal users allowed to change their password in internal Active Directory thru SIM from Internet or what have others done to limit the functionality? -
Exchange 2013 DNS for internal and external domain
Hi All,
I have been assigned a task to implement Microsoft Exchange Server 2013. I need some help in setting up DNS namespaces and design a strategy to have same internal and external names. Let me share some details here.
We have an Active Directory domain myinternaldomain.net, and we have a public domain
mypublicdomain.com and we have setup email policy to have
mypublicdomain.com as the SMTP domain for all the users. We have created another DNS zone in Active directory integrated DNS and created a records for
mail.mypublicdomain.com and autodiscover.mypublicdomain.com which will point to CAS NLB IP. We have 2 CAS servers and 2 MBX servers, we have configured DAG for MBX High availability and planning to implement WNLB for CAS as
hardware LB is out of scope due to budget constrains.
We want to have same URLs for OWA, Autodiscover, ECP and other services from internal network as well as from public network. Users should not be bothered to remember two URLs, using one from internal and other from public networks. I also want to confirm
that with this setup in place do i need to have myinternaldomain.net and server names in SAN certificate?
ThanksHi Sccmnb,
You can easily achieve this using split DNS.
Internal DNS hostname "mail.mypublicdomain.com" will be pointing to your internal CAS NLB IP and the external public DNS hostname"mail.mypublicdomain.com" will be pointing to the Network device or
Reverse proxy server IP.
Depending upon users access location(internal\external) the IPs would vary and they should be able to access the website with same name.
The names that you would require on the certificate(Use EAC or powershell to raise the request) for client connectivity would be
SN= mail.mypublicdomain.com
SAN= autodiscover.mypublicdomain.com
You don't need to have the active directory domain name present in the certificate.
Additional to this you need to update the AutodiscoverURI for all servers and OWA,ECP,Autodiscover Virtual Directories InternalURL and ExternalURL fields with appropiate public names.
Some additional Info:
*Internal vs. External Namespaces
Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain DNS infrastructure enables different IP addresses to be returned for a given namespace
based on where the client resides – if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the IP address of the external gateway/firewall is returned.
This approach simplifies the end-user experience – users only have to know a single namespace (e.g., mail.contoso.com) to access their data, regardless of where they are connecting. A split-brain DNS infrastructure, also simplifies the configuration of Client
Access server virtual directories, as the InternalURL and ExternalURL values within the environment can be the same value.
*Managing Certificates in Exchange Server 2013 (Part 2)
*Nice step by step article
Designing a simple namespace for Exchange 2013
Regards,
Satyajit
Please“Vote As Helpful”
if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.
Maybe you are looking for
-
Router Speed should match the FiOS Internet Speed
I have FiOS 75 Mbps down /35 Mbps up. It works like a charm when I am wired RJ45. However, I have family members that use their iPads, and wireless laptops to connect. The Verizon FIOS Router MI424WR (g) that I was given when I ordered the above se
-
How to convert a boolean expression into a number in SQL (not PL/SQL)
I have a boolean expression FIELD IN (SELECT FIELD FROM TABLE) which I would like to convert into a number, preferably into 0 for true and into 1 for false. The reason being that I want to sum the values in a HAVING clause. I have tried with DECODE,
-
Csutil.exe error in ACS 4.1 for Windows
Hi, When I try to list VSAs created on the ACS by running csutil.exe -listUDV at the cmd prompt I get the error "can not initialize schemelayer". What could be the problem?
-
Hello out there, I am looking for a Dreamweaver tutorial that DOES NOT have pages/templates etc already set up in the lesson. I am trying to learn to build a page COMPLETELY from scratch. The online lessons all start with pre made pages. I want to le
-
Problem with mail after downloading lion
i just loaded lion. opened mail, i have new messages however they will now open in the reading pane "loading"