Exposing JAZZ to the outside world
Has anyone exposed their JAZZ instance to the outside world? I'd like to hear on your implementation/troubles.
We are in the process of exposing our JAZZ instance to our customers (external companies). Internally we support users from two different networks, both stand-alone Windows AD forests. We however are currently using tomcat for user management. One of the security concerns from our security group is password aging/security features.
Another concern is our network groups ptoposed implementation. We are currently running https internally. Management has suggested to drop https internally and encrypt the traffic going externally (https ?). My concern here is the URI and whether this would work. I don't claim to be a network/web guru but if external users are using https://jazz..... and our URI is http://jazz ... would this be a problem?
Norm
2 answers
The best would be protect your internal URI with a Proxy:
http://www-01.ibm.com/support/knowledgecenter/SSCP65_5.0.2/com.ibm.jazz.install.doc/topics/c_reverse_proxy.html?lang=en
https://jazz.net/wiki/bin/view/Deployment/InstallProxyServers
Mind also the ports that you would need to open on your firewall:
http://www-01.ibm.com/support/docview.wss?uid=swg21414896
http://www-01.ibm.com/support/docview.wss?uid=swg21397169
Comments
I am aware of firewall and proxy configs, My main concern is security - both from the web traffic concerns as well as access to data. We have many customers and some just need to create service requests for their systems, others can be a true collaboration in that they can access data.
Our "Security" group groups wants us to drop https so that their F5 device can scan incoming traffic.
Leesen