Brian, I might be wrong on the version numbers but the issue you are talking about... with SmartReporting opening from ITSM, is an internal cross authentication that happens and when SSO is used, it affects usability in that email links from smart reporting don't work unless you authenticate to ITSM first. Evidently, BMC has "addressed this" but we need to upgrade to AR v9.x sp1 or 2? Not sure on this one but def know we need an upgrade!
Sent from my iPhone > On Dec 8, 2016, at 5:19 PM, Brian Pancia <[email protected]> wrote: > > ** > Thanks for the feedback so far. > > > Vinod - we do have a mid-tier and a smartreporting server public facing and > then another set private facing. We've had mid-tier setup like this for > years, which works perfect. I can log directly into SmartReporting on the > public side all day. I just can't get mid-tier to take the setting in the > config page. I actually tried to load both mid-tier and smartreporting on > the same server too in test to get away from the cert configurations between > servers. No luck. > > > Lee - absolutely no performance issues at all doing this. From a security > standpoint I believe this is the only way you should setup your web tier (I'm > sure that's open for debate). I'm trying to move our small subset of users > on the private side to move over to the public side. That would give us less > servers to maintain. > > > Tauf - I'm waiting to hear back from RoD Ops Team. I think the issues are > SSL and NAT. Not sure if they are completely independent issues or somewhat > related. Unfortunately I can't turn off the SSL enforcement on the public > facing side to test that. I am curious on the SSO side of the house also. > SmartReporting once integrated into ITSM will log you in auto-magically. > That could very well be the issue also. That authentication won't happen > because of the address translation, which triggers the error configuring this > in mid-tier. I wonder now if load balancers would cause a bunch of issues > too with SmartReporting. > > > Brian > > > From: Action Request System discussion list(ARSList) <[email protected]> on > behalf of Tauf Chowdhury <[email protected]> > Sent: Thursday, December 8, 2016 4:18 PM > To: [email protected] > Subject: Re: SmartReporting over SSL in DMZ > > ** > Not sure about Control M. Truesight does not support Okta, which is what we > use for our SSO and we have no need to make it publicly available so it's not > a huge issue for us. > We built Truesight in AWS > > Sent from my iPhone > > On Dec 8, 2016, at 4:09 PM, Lee Cullom <[email protected]> > wrote: > >> ** >> Really? Does it work for Truesight and Control-M too? It would be great to >> pull information from all of them. I would like to see how that is all put >> together! You’re the first delighted RSR customer I’ve seen, so maybe the >> key is go on-demand for everything. >> >> >> >> >> >> >> >> From: Action Request System discussion list(ARSList) >> [mailto:[email protected]] On Behalf Of Tauf Chowdhury >> Sent: Thursday, December 8, 2016 11:09 AM >> To: [email protected] >> Subject: Re: SmartReporting over SSL in DMZ >> >> >> >> ** >> >> The environment I'm currently using is Remedy onDemand and SmartReporting >> works fine with no performance issues.. essentially over the public >> internet. >> >> Maybe ask BMC guys to speak to their RoD Ops team >> >> Sent from my iPhone >> >> >> On Dec 8, 2016, at 10:36 AM, Lee Cullom <[email protected]> >> wrote: >> >> ** >> >> Ick, not only will this be a nightmare to configure, but then the >> performance is going to be a disaster. Turn back! >> >> >> >> >> >> >> >> Lee Cullom | Northcraft Analytics >> >> IT Metrics Specialist | Business Intelligence Applications for IT >> >> Direct – 678-438-7244 | http://www.northcraftanalytics.com >> >> Main - (678) 664-ITSM >> >> <image001.png><image002.png><image003.png> >> >> What is Northcraft Analytics? Find out in 87 Seconds. >> >> >> >> From: Action Request System discussion list(ARSList) >> [mailto:[email protected]] On Behalf Of Vinod Gaidhani >> Sent: Wednesday, December 7, 2016 1:23 PM >> To: [email protected] >> Subject: Re: SmartReporting over SSL in DMZ >> >> >> >> ** >> >> Hi Brian, >> >> >> >> We also had similar situation not for smart reporting but for actual midtier >> access, basically you will need help from your network team which generally >> ask you to host one midtier in DMZ zone [public ip] which in turn talks to >> your private network setup. Not sure how much BMC can help here considering >> its internal to your infra/network but can take guidance from them for >> performance perspective. >> >> Thanks, >> >> Vinod Gaidhani. >> >> >> On Dec 7, 2016, at 6:14 PM, Brian Pancia <[email protected]> wrote: >> >> ** >> >> Trying to setup SmartReporting over SSL in a DMZ. DMZ users are using a >> public IP and the servers have private IP's setup. We can setup everything >> behind the firewall using private IP's. Using the private IP's doesn't work >> from a user standpoint, so we need to use the public IPs for the >> SmartReporting/Mid-Tier config. This is a standard web architecture from a >> security standpoint. The configuration in Mid-Tier controls the Smart >> Reporting link in ITSM. I'm not sure what else it does. Support has not >> been able to find an answer for this. Has anyone else been able to get this >> configuration to work. We are on 9.1 >> >> >> >> Thanks, >> >> >> >> Brian >> >> >> >> DISCLAIMER: The information contained in this e-mail and its attachments >> contain confidential information belonging to the sender, which is legally >> privileged. The information is intended only for the use of the recipient(s) >> named above. If you are not the intended recipient, you are notified that >> any disclosure, copying, distribution or action in reliance upon the >> contents of the information transmitted is strictly prohibited. If you have >> received this information in error, please delete it immediately. _ARSlist: >> "Where the Answers Are" and have been for 20 years_ >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ > _ARSlist: "Where the Answers Are" and have been for 20 years_ > DISCLAIMER: The information contained in this e-mail and its attachments > contain confidential information belonging to the sender, which is legally > privileged. The information is intended only for the use of the recipient(s) > named above. If you are not the intended recipient, you are notified that any > disclosure, copying, distribution or action in reliance upon the contents of > the information transmitted is strictly prohibited. If you have received this > information in error, please delete it immediately. _ARSlist: "Where the > Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
