jrmhscht Super Contributor.

Install Web servers in a DMZ network


We are planning to install AA6. I am referencing the architecture layout here: https://www.netiq.com/documentation/advanced-authentication-60/install-upgrade-guide/data/b1kch8db.html#b1kch8de

We typically install web servers in a DMZ network and database servers on our internal network. The documentation references what ports are used, but does not specify what the client and server are for each connection. Does anyone have documentation on what ports need to be opened between the web servers and the internal db servers (each direction)? I would also need to know what connections the web servers make to the internet. For example, which server would make the connection to trello for SMS/phone?

Would it be better to put all four servers in our external DMZ?

We haven't finalized the purchase yet, but I can open an SR once we have that finished if that is a better option.

2 Replies
tsschindler Absent Member.

Re: Install Web servers in a DMZ network

The documentation has the necessary ports listed here: https://www.netiq.com/documentation/advanced-authentication-60/install-upgrade-guide/data/firewall.html

Please note the part at the top of the section marked "IMPORTANT." You may consider putting all the servers in your corporate internet and then reverse proxies in your DMZ.

With regard to which server sends the SMS, I believe it would be the one that is receiving the authentication request (though I would clarify this with an SR).
Micro Focus Contributor

Re: Install Web servers in a DMZ network

Hi gentlemen,
I would like to warn you that all the architecture diagrams show external endpoints connecting to AAF through a LoadBalancer. So we strongly do not recommend putting any AAF into the DMZ. I will ask the team to add this warning to the documentation.