I second the VPN strategy. There are VPN clients that can be loaded over the web through any external computer (or phone/tablet) so there's really no reason to avoid VPN really. Plus that offers a lot more security since they have to have an account to get in so you know who they are rather than letting outside people try to get in anonymously.
Also, a lot of what you do really depends on who you are targeting. If it's employees, VPN is absolutely the right answer. If it's external customers, then I wouldn't give them access to Remedy except through some customer portal or application that has an integration with Remedy (through the firewall.) Thanks, Shawn Pierson Remedy Developer | Energy Transfer From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Rick Cook Sent: Thursday, February 20, 2014 6:47 PM To: [email protected] Subject: Re: Questing on accessing our Remedy/ITSM system outside of the corporate network ** I would consider the VPN strategy, or perhaps an email interface. Exposing the Mid-tier outside the DMZ can be done safely, but requires cooperation with your network security team. Rick ** Yup, same here. We had a little internal rift internally between a few teems. Team X decided that servers didn't need to be placed in the DMZ to expose to the outside world; they would just proxy to the LAN via F5 load balancer. Team Y said no thank you, we should not have servers that are exposed to the world inside the main LAN. So it is possible but you may need to consider if it is a good idea or even acceptable practice. Jason On Thu, Feb 20, 2014 at 3:02 PM, LJ LongWing <[email protected]<mailto:[email protected]>> wrote: ** Howard, A reverse proxy exposed to the internet would be one way I have seen it done On Feb 20, 2014 3:54 PM, "Howard Richter" <[email protected]<mailto:[email protected]>> wrote: ** Good morning, afternoon and evening all, I just got asked if there was a way to access our Remedy/ITSM system outside of the corporate network, if there are no parts (i.e. mid-tiers) in the DMZ. They are thinking that they can use some magic with SSO and federation to do this. We are using the JSS plugin (which is great) for our ITSM 7.6.4. system. So my first answer is no, one would need to have a mid-tier (or even an arserver) on a box in the DMZ and then give a method to access that system or open a firewall port (not very safe). However, as I get older I have started to ask if I might be wrong., maybe someone else has found a way to do this. So is there some method where one could access the system if they were not on the corporate network (and a firewall was blocking access to the system inside the network). Also I remember a doc, that BMC produced, that showed how to build out a system that would have external access. So if someone has an idea what it might be. Let me know. As always take care and be well, Howard _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ Private and confidential as detailed here: http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot access the link, please e-mail sender. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
