on 10-27-2005 12:20 AM
Hi,
Let's say we would like to deploy the ITS on the internet and intranet to allow access for CATS Time Entry - webgui.
Assuming two DMZ zones: an outer one facing the internet and containing Security Proxy (Web servers/Reverse Proxy) and another DMZ inner zone containing the ITS servers such as:
Internet>Firewall>Security Proxy>Firewall>ITS(wgate+agate)>Optional Firewall>SAP R/3 and DB.
That way, I will keep both the wgate and agate on the same server inside the inner DMZ zone while having two network cards: 1 for internet users and the 2nd one for intranet users.
Will ITS work with such a configuration? Or is the architecture suggested in the SAP documentation the only one possible? i.e. by placing the wgate on the web server of the outer DMZ zone, such as:
Internet>Firewall>WebServer+Wgate>Firewall>Agate>Optional Firewall>SAP R/3 and DB
Thanks
Tobi
Yep, no problem.
Of course you have to open the according ports i.e.
Secure proxy -> Firewall -> webserver/wgate
for http(s) access on the according ports
AGate -> Firewall -> R3
the Agate AND Iacor(publishing) connectivity to R3
You will have to play around with configurations to allow internal and external access, since they are probably in different (sub) domains. This will influence the URL generation(wgate/agate), SSO (if used), etc.
Search for ITS notes on "reverse proxy" and look at them carefully, especially the ones with headermanipulation.
A good one to start with is note 838783.
Regards,
Fekke
Sorry Tobi,
I missed the status on that one; it is a worked example of the documentation on http://httpd.apache.org/docs/2.0/mod/mod_proxy.html
Here are the relevant public notes (some are explained in the "old" 610 wgate configuration form but most of the parameters have a 1-to-1 counterpart in the 620 XML registry; i.e. it is only a matter of notation)
688295 ITS Best Practices: WGate configuration ITS 6.20
507293 ITS and Reverse Proxies
582445 ITS and Reverse Proxies - more Info on headermanipulation
494984 ITS WGATE manipulate HTTP headervariables
720480 ITS620 WGate configuration (wgate-config) description
Regards,
Fekke
Hi Tobi,
I would not recommend you to use the same ITS server for both internet and intranet users at the same time. If for any reason some hacker gets control of your ITS server, there is a good chance he can access your intranet through the channel you opened up in your firewall configurations for your intranet users. I'd rather use a different server for the intranet users.
regards Ralph