Webaccess Domain Best Practice

With GroupWise 8, best practice was to put the Webaccess domain on the same server as Webaccess. While designing our GW 2014 system security is much more important. In efforts to make GroupWise more secure, I don't think I like the idea any longer putting a secondary domain on a host that has direct internet access.

What are other people doing?

Tags:

  • kwhite;2345909 wrote:
    With GroupWise 8, best practice was to put the Webaccess domain on the same server as Webaccess. While designing our GW 2014 system security is much more important. In efforts to make GroupWise more secure, I don't think I like the idea any longer putting a secondary domain on a host that has direct internet access.

    What are other people doing?


    In short, no need for a secondary domain on the WebAccess server. I haven't done so since GroupWise 2012. As a note, it was not a necessity with GroupWise 8 and lower, as you could install the WebAccess agent on a server that was running on the LAN, and only install the WebApplication on the server in the DMZ.

    One main thing that has changed with WebAccess, as of GroupWise 2012, is that the WebAccess application doesn't make use of gwinter anymore (meaning there's no more Web Access agent component in 2012 and 2014). It's now a standalone (client) component that talks directly to the POA(s).

    So all you need is a SLES or Windows server in the DMZ and install and configure the WebAccess component on that.

    There are also no more eDir counterparts for WebAccess. All that is needed is a port opened to the POA's (for SOAP, which defaults to 7191) and since 2014 also port 8500 needs to be opened from POA(s) to the server running WebAccess. 8500 is needed for the auto refresh functionality that's new in WebAccess 2014.

    Cheers,
    Willem
  • Thanks


    >>> On 2/2/2015 at 3:56 PM, magic31<magic31@no-mx.forums.novell.com> wrote:


    kwhite;2345909 Wrote:

    > With GroupWise 8, best practice was to put the Webaccess domain on the
    > same server as Webaccess. While designing our GW 2014 system security
    > is much more important. In efforts to make GroupWise more secure, I
    > don't think I like the idea any longer putting a secondary domain on a
    > host that has direct internet access.
    >
    > What are other people doing?


    In short, no need for a secondary domain on the WebAccess server. I
    haven't done so since GroupWise 2012. As a note, it was not a necessity
    with GroupWise 8 and lower, as you could install the WebAccess agent on
    a server that was running on the LAN, and only install the
    WebApplication on the server in the DMZ.

    One main thing that has changed with WebAccess, as of GroupWise 2012, is
    that the WebAccess application doesn't make use of gwinter anymore
    (meaning there's no more Web Access agent component in 2012 and 2014).
    It's now a standalone (client) component that talks directly to the
    POA(s).

    So all you need is a SLES or Windows server in the DMZ and install and
    configure the WebAccess component on that.

    There are also no more eDir counterparts for WebAccess. All that is
    needed is a port opened to the POA's (for SOAP, which defaults to 7191)
    and since 2014 also port 8500 needs to be opened from POA(s) to the
    server running WebAccess. 8500 is needed for the auto refresh
    functionality that's new in WebAccess 2014.

    Cheers,
    Willem


    --
    Knowledge Partner (voluntary sysop)
    ------------------------------------------------------------------------
    magic31's Profile: https://forums.novell.com/member.php?userid=2303
    View this thread: https://forums.novell.com/showthread.php?t=481627