It's all about the answers!

Ask a question

Exposing JAZZ to the outside world


Norman Dignard (27945591) | asked Oct 15 '15, 8:00 a.m.

Has anyone exposed their JAZZ instance to the outside world?  I'd like to hear on your implementation/troubles.

We are in the process of exposing our JAZZ instance to our customers (external companies).   Internally we support users from two different networks, both stand-alone Windows AD forests.   We however are currently using tomcat for user management.  One of the security concerns from our security group is password aging/security features.

Another concern is our network groups ptoposed implementation. We are currently running https internally.  Management has suggested to drop https internally and encrypt the traffic going externally (https ?). My concern here is the URI and whether this would work. I don't claim to be a network/web guru but if external users are using https://jazz..... and our URI is http://jazz ...  would this be a problem?

Norm

    

2 answers



permanent link
Leesen Padayachee (89674) | answered Oct 15 '15, 8:20 a.m.
 Hi Norman

I successfully implemented one of my clients Jazz instance over the internet. In short, http internally and https externally is a big NO-NO. I am abit busy right now, but I have a made a note to give you more information about the many levels of frustrations we went through to get this done :-)

Regards,
Leesen

Comments
Norman Dignard commented Oct 16 '15, 8:05 a.m.

Hi Leesen - thanks for getting back to me.  I'll be looking forward to hear on your solution and troubles you experienced.


Norman Dignard commented Oct 18 '15, 6:20 p.m.

Would you have a few quick highlights that I can dwell on? We have a meeting to discuss this early in the week.

I'd appriecate any tidbits you can give.

Regards

Norm


permanent link
Isabel Murakami (3811313) | answered Oct 28 '15, 9:37 a.m.
Hi Norman
The best would be protect your internal URI with a Proxy:
http://www-01.ibm.com/support/knowledgecenter/SSCP65_5.0.2/com.ibm.jazz.install.doc/topics/c_reverse_proxy.html?lang=en
https://jazz.net/wiki/bin/view/Deployment/InstallProxyServers

Mind also the ports that you would need to open on your firewall:
http://www-01.ibm.com/support/docview.wss?uid=swg21414896
http://www-01.ibm.com/support/docview.wss?uid=swg21397169



Comments
Norman Dignard commented Dec 21 '15, 9:21 a.m.

I am aware of firewall and proxy configs,  My main concern is security - both from the web traffic concerns as well as access to data.   We have many customers and some just need to create service requests for their systems, others can be a true collaboration in that they can access data. 

Our "Security" group groups wants us to drop https so that their F5 device can scan incoming traffic.    

Your answer


Register or to post your answer.