All, It was a very strange hallway conversation. Someone put an idea out that using some magic with SSO and then they can have access to the system.
Currently the only access is internally, either local on our net or via VPN (and using SSO or a fixed password) Also if someone knows of any doc that shows how to put (or the Architecture) on the safe way of pushing it out there, please let me know. Like maybe just pushing SRM. Thanks, Howard From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Rick Cook Sent: Thursday, February 20, 2014 7:47 PM To: [email protected] Subject: Re: [arslist] Questing on accessing our Remedy/ITSM system outside of the corporate network ** I would consider the VPN strategy, or perhaps an email interface. Exposing the Mid-tier outside the DMZ can be done safely, but requires cooperation with your network security team. Rick ** Yup, same here. We had a little internal rift internally between a few teems. Team X decided that servers didn't need to be placed in the DMZ to expose to the outside world; they would just proxy to the LAN via F5 load balancer. Team Y said no thank you, we should not have servers that are exposed to the world inside the main LAN. So it is possible but you may need to consider if it is a good idea or even acceptable practice. Jason On Thu, Feb 20, 2014 at 3:02 PM, LJ LongWing <[email protected]<mailto:[email protected]>> wrote: ** Howard, A reverse proxy exposed to the internet would be one way I have seen it done On Feb 20, 2014 3:54 PM, "Howard Richter" <[email protected]<mailto:[email protected]>> wrote: ** Good morning, afternoon and evening all, I just got asked if there was a way to access our Remedy/ITSM system outside of the corporate network, if there are no parts (i.e. mid-tiers) in the DMZ. They are thinking that they can use some magic with SSO and federation to do this. We are using the JSS plugin (which is great) for our ITSM 7.6.4. system. So my first answer is no, one would need to have a mid-tier (or even an arserver) on a box in the DMZ and then give a method to access that system or open a firewall port (not very safe). However, as I get older I have started to ask if I might be wrong., maybe someone else has found a way to do this. So is there some method where one could access the system if they were not on the corporate network (and a firewall was blocking access to the system inside the network). Also I remember a doc, that BMC produced, that showed how to build out a system that would have external access. So if someone has an idea what it might be. Let me know. As always take care and be well, Howard _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ Click here<https://www.mailcontrol.com/sr/BT5+TeOqCrfGX2PQPOmvUkD3gJB7pb3pTJxxV!uS2jwiwUSHxmMm5dotDg7klALJ6bXfSMeJ5nizR1Lppn2zgQ==> to report this email as spam. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
