You are viewing limited content. For full access, please sign in.

Question

Question

To DMZ Forms Or Not To DMZ Forms?

Forms Installation and Upgrades
Updated January 21, 2020
asked on January 21, 2020

Looking at the internal communication that has to happen when setting up Forms in a DMZ, why not just setup the primary Forms server in the DMZ itself? I can see in some cases where the separation is good if you don't want internal users to access the outside world for some reason and it may also cause some extra traffic going out of the internal network, but what else?

Since you have to open the DMZ Forms server to talk with the LFDS server, SQL, internal Forms server, and the Laserfiche Server, why not just put the primary Forms server in the DMZ itself if you are not worried about internal users accessing the outside world? You would need to open communication with the Workflow server, but are there any reasons you wouldn't want to do that? This is all under the assumption that you are using LFDS authentication.

0 0

Replies

replied on January 21, 2020 Show version history

Here's a few reasons why we wouldn't want to put our primary Forms server in the DMZ.

  1. Automatic Login vs Login Page
    • Internally, we have automatic authentication enabled so our domain users can open Forms and be logged in automatically.
    • Externally, we need to show the login page so vendors and some others with LFDS accounts can enter their credentials.
  2. Limiting Data Sources
    • We have several databases connected to Forms for lookups and there are a few that we don't want to work externally.
      • For data sources that we want to work in both internal/external forms, we use a SQL login.
      • For internal-only data sources, we use a domain account; when accessing Forms from the DMZ, the associated lookups do not work.
  3.  Cross-site Scripting
    • We currently have several processes that embed WebLink, the Web Client, and other internal sites/apps in Forms and if they are not hosted on the same server, browsers will block JavaScript interactions (There are several reasons we would not want to host all of the embedded content on the DMZ server).
  4. Workload
    • This won't apply to everyone, but we process about 20,000 form submissions per month and have around 150+ users working in Forms during business hours. The separation between a "public" site for submissions and an "internal" site for processing has proven valuable for breaking up the server traffic/load and limiting the potential for public activity to bog down the internal site.

 

I'm sure there are other reasons people might have, but these are the ones off the top of my head.

3 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...