Filr Proxy VA

Idea ID 2781553

Filr Proxy VA

In case of Filr implementation in DMZ you have to create a lot of exceptions for Firewall Policies to make Filr places in DMZ working with File Servers, LDAP Sources etc. placed into Internal Network. That will be good if there will be something like Filr Proxy which will be placed in the Internal Network and interact with Filr VA placed in DMZ via REST calls, for instance. In this case only 80/443 ports will be opened in Internal Firewall which is much more secure.
5 Comments
Contributor.
Contributor.
I never put the File VA in the DMZ. I always simply put a Reverse Proxy / HA Proxy in front of the Filr VA running in the LAN.
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor
Reverse Proxy etc is a usual thing which we have to use today to realize this scenario. That leads to extra costs which might be minimized if Filr can do all of these things by himself. We have REST support in Filr at the moment, I think such kind or intellectual routing is the next step forward. Anyway we have some recommendations regarding where to place Filr in the network: https://www.novell.com/documentation/filr-3/filr-overvw/data/filr_in_network.html As you can see everywhere here Filr mentioned to be placed in a DMZ which leads to a lot of headache with Internal Firewall. Actually Idea I posted based on customer's request, we're planning to implement a big geo-spreaded Filr installation with a lot if Filr VAs spreaded across Russia. Customer need something like "central access point" to all of Filr services, at the same time they don't want to create a lot of rules and exceptions in their firewalls. They got this schema from our product documentation site :) Yes, I recommended to think about Reverse Proxy because this is the only solution at the moment. But they would like to hear anything from us about our plans regarding things like I described in my initial post.
Contributor.
Contributor.
So what you are actually requesting is a (potentially) highly distributed filr system, which aggregates multiple filr appliances into one big unified system where access to one filr appliance gives the user transparent access to all data on all filr appliances and at the same time requires only minimal firewall configuration.
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor
Exactly, that's what will be the best: distributed Filr System where Filr itself decided where to send user's request. I'm not sure about "gives the user access to ALL data", I think customers will be asking for managed access, not full. I think it might be realized via REST - probably I'm wrong here as I'm not a developer and my REST skills might be weak, but, at least for now I think that REST is the solution. Probably I wasn't clear enough with initial description, sorry for my weak English.
Absent Member.
Absent Member.
Noted
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.