cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Internet facing ITS

Go to solution
Former Member

on ‎10-27-2005 12:20 AM

0 Kudos

Hi,

Let's say we would like to deploy the ITS on the internet and intranet to allow access for CATS Time Entry - webgui.

Assuming two DMZ zones: an outer one facing the internet and containing Security Proxy (Web servers/Reverse Proxy)and another DMZ inner zone containing the ITS servers such as:

Internet>Firewall>Security Proxy>Firewall>ITS(wgate+agate)>Optional Firewall>SAP R/3 and DB.

That way, I will keep both the wgate and agate on same server inside the inner DMZ zone while having two network cards: 1 internet users and the 2nd one for intranet users.

Will ITS work with such a configuration? Or is the architecture suggested in the SAP documentation the only one possible? i.e. by placing the wgate on the web server of the outer DMZ zone, such as:

Internet>Firewall>WebServer+Wgate>Firewall>Agate>Optional Firewall>SAP R/3 and DB

Thanks

Tobi

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-28-2005 12:08 PM
0 Kudos

Yep, no problem.

Of course you have to open the according ports i.e.

  • Secure proxy -> Firewall -> webserver/wgate

for http(s) access on the according ports

  • AGate -> Firewall -> R3

the Agate AND Iacor(publishing) connectivity to R3

You will have to play around with configurations to allow internal and external access, since they are probably in different (sub) domains. This will influence the URL generation(wgate/agate), SSO (if used), etc.

Search for ITS notes on "reverse proxy" and look at them carefully, especially the ones with headermanipulation.

A good one to start with is note 838783.

Regards,

Fekke

Show replies
Show replies
Former Member
‎10-31-2005 9:22 PM
0 Kudos

Hi Fekke,

Thanks for your feedback, however, when I tried to access note 838783, it tells me the note is not released.

Can you copy it and post it in here?

Thanks,

Tobi

Former Member
‎11-01-2005 9:13 AM
0 Kudos

Sorry Tobi,

I missed the status on that one; it is a worked example of the documentation on http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

Here are the relevant public notes (some are explained in the "old" 610 wgate configuration form but most of the parameters have 1-to-1 counterpart in the 620 XML registry; i.e. it it only a matter of notation)

688295 ITS Best Practices: WGate configuration ITS 6.20

507293 ITS and Reverse Proxies

582445 ITS and Reverse Proxies - more Info on headermanipulation

494984 ITS WGATE manipulate HTTP headervariables

720480 ITS620 WGate configuration (wgate-config) description

Regards,

Fekke

Former Member
‎11-01-2005 2:47 PM
0 Kudos

Hi Fekke,

Thanks a lot again.

Regards,

Tobi

Answers (1)

Answers (1)

ralph_resech
Explorer
‎11-03-2005 3:23 PM
0 Kudos

Hi Tobi,

I would not recommend you to use the same ITS server for both internet and intranet users at the same time. If by any reason some hacker is getting control about your ITS server there is a good chance he can access your intranet through the channel you opened up in your firewall configurations for you intranet users. I'd rather use a diffrent server for the intranet users.

regards Ralph

Show replies
Show replies
Ask a Question