Firewalls › Examples of Typical Firewall Scenarios › Example - Rich Client and Database Tier Separated From BusinessObjects Enterprise Servers by a Firewall › Configure Tiers Separated from BusinessObjects Enterprise Servers by a Firewall
Configure Tiers Separated from BusinessObjects Enterprise Servers by a Firewall
To configure tiers separated from BusinessObjects Enterprise servers by a firewall
- Apply the following communication requirements to this example:
- The Publishing Wizard must be able to initiate communication with the CMS on both of its ports.
- The Publishing Wizard must be able to initiate communication with the Input File Repository Server and the Output File Repository Server.
- The Connection Server, every Job Server child process, and every Processing Server must have access to the listen port on the reporting database server.
- The CMS must have access to the database listen port on the CMS database server.
- Configure a specific port for the CMS, the Input FRS, and the Output FRS. Note that you can use any free port between 1,025 and 65,535.
The port numbers chosen for this example are listed here:
- Central Management Server
-
6411
- Input File Repository Server
-
6415
- Output File Repository Server
-
6416
- We do not need to configure a port range for the Job Server children because the firewall between the job servers and the database servers is configured to allow any port to initiate communication.
- Configure Firewall_1 to allow communication to the fixed ports on the BusinessObjects Enterprise servers that you configured in the previous step. Note that port 6400 is the default port number for the CMS Name Server Port and did not need to be explicitly configured in the previous step.
|
Port
|
Destination Computer
|
Port
|
Action
|
|
Any
|
boe_2
|
6400
|
Allow
|
|
Any
|
boe_2
|
6411
|
Allow
|
|
Any
|
boe_2
|
6415
|
Allow
|
|
Any
|
boe_2
|
6416
|
Allow
|
Configure Firewall_2 to allow communication to the database server listen port. The CMS (on boe_2) must have access to the CMS database and the Job Servers (on boe_3) must have access to the reporting database. Note that we did not have configure a port range for job server child processes because their communication with the CMS did not cross a firewall.
|
Source Computer
|
Port
|
Destination Computer
|
Port
|
Action
|
|
boe_2
|
Any
|
Databases
|
3306
|
Allow
|
|
boe_3
|
Any
|
Databases
|
3306
|
Allow
|
- This firewall is not NAT-enabled, so the hosts file does not need to be configured.
Copyright © 2010 CA.
All rights reserved.
|
|