Extend Source Control beyond our firewall?
Has anyone already accomplished this feat?
If so, how did you do it, and what would you do differently if you had to do it again?
Thanks much!
One answer
I am not the network security guy; I think you want to talk to them about what they learned over time.
One suggestion is to always put a caching proxy between the build farm and the RTC server(s).
Comments
Not sure what this entails. Can you please elaborate further?
Which part is unclear to you? This involves quite a bit of networking, so you need to have some knowledge about it.
Using a VPN is probably the easiest way. Once the vendors authenticate through the VPN (and pass through the firewall), they are effectively "in" your private network (which is "behind" the firewall), and can work in the same way as the employees. If you ever work from home and need to access your company's network, you should know about this.
The other approach is to open your RTC instance to the public (internet), just like the jazz.net sandboxes. Of course, the server is also open to attacks at the same time, so you need to have sufficient network infrastructure to back it up. Also, in this case, your RTC public URI should have an FQDN that's registered on the Internet, not just your company's DNS.
The last bit about the caching proxy is for increasing performance. The basic idea is that the proxy is close to, or local to, the vendors so that the latency can be significantly reduced.