In the case of a Filr implementation in a DMZ, you have to create a lot of exceptions in firewall policies to make Filr placed in the DMZ work with file servers, LDAP sources etc. placed in the internal network. It would be good if there were something like a Filr Proxy placed in the internal network that interacts with the Filr VA placed in the DMZ via REST calls, for instance. In this case only ports 80/443 would need to be opened in the internal firewall, which is much more secure.
by: Ivan L. | over a year ago | Virtual Appliance
Comments
I never put the Filr VA in the DMZ. I always simply put a reverse proxy / HAProxy in front of the Filr VA running in the LAN.
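An added example, not from this thread or from the Filr documentation, of the HAProxy layout that comment describes: the proxy is the only host in the DMZ, so the internal firewall needs a single rule (proxy to Filr VA on tcp/443) and the CIFS, LDAP and NFS flows stay entirely inside the LAN. All addresses, certificate paths and the Filr listener port are assumptions.

```haproxy
# Added example; not the thread's or Filr's own configuration. Assumed values:
# DMZ proxy address 203.0.113.10 (TEST-NET-3, constructed), Filr VA at 10.0.10.20
# on the LAN. The Filr VA is assumed to answer HTTPS on 443 (appliance port
# redirection enabled); use 8443 instead if redirection is off.
global
    log /dev/log local0
    # Refuse legacy TLS versions on the Internet-facing listener
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    log global
    option httplog
    option forwardfor          # hand the real client IP to Filr in X-Forwarded-For
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend filr_public
    # The only listeners exposed to the Internet; the proxy holds the public cert
    bind 203.0.113.10:443 ssl crt /etc/haproxy/certs/filr.example.com.pem
    bind 203.0.113.10:80
    http-request redirect scheme https unless { ssl_fc }
    default_backend filr_lan

backend filr_lan
    # The single flow that crosses the internal firewall: proxy -> Filr VA tcp/443.
    # The proxy re-encrypts and verifies the appliance cert against the LAN CA,
    # so a compromised DMZ host still gets no file-server or LDAP credentials.
    option httpchk GET /
    server filr1 10.0.10.20:443 ssl verify required ca-file /etc/haproxy/certs/lan-ca.pem check
```

The matching internal-firewall policy is then one allow rule, 203.0.113.10 to 10.0.10.20 on tcp/443, with everything else from the DMZ denied.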
A reverse proxy etc. is a usual thing which we have to use today to realize this scenario. That leads to extra costs which might be minimized if Filr could do all of these things by itself. We have REST support in Filr at the moment; I think such kind of intelligent routing is the next step forward.
Anyway, we have some recommendations regarding where to place Filr in the network: https://www.novell.com/documentation/filr-3/filr-overvw/data/filr_in_network.html
As you can see, everywhere here Filr is mentioned as being placed in a DMZ, which leads to a lot of headaches with the internal firewall. Actually, the idea I posted is based on a customer's request: we're planning to implement a big geographically spread Filr installation with a lot of Filr VAs spread across Russia. The customer needs something like a "central access point" to all of the Filr services; at the same time they don't want to create a lot of rules and exceptions in their firewalls. They got this schema from our product documentation site :)
Yes, I recommended thinking about a reverse proxy because this is the only solution at the moment. But they would like to hear something from us about our plans regarding things like I described in my initial post.
So what you are actually requesting is a (potentially) highly distributed Filr system, which aggregates multiple Filr appliances into one big unified system, where access to one Filr appliance gives the user transparent access to all data on all Filr appliances, and at the same time requires only minimal firewall configuration.
Exactly, that's what would be best: a distributed Filr system where Filr itself decides where to send the user's request. I'm not sure about "gives the user access to ALL data"; I think customers will be asking for managed access, not full. I think it might be realized via REST. Probably I'm wrong here, as I'm not a developer and my REST skills might be weak, but at least for now I think that REST is the solution.
Probably I wasn't clear enough with the initial description; sorry for my weak English.
Noted