You are viewing limited content. For full access, please sign in.

Question

Question

Access 2 WebLink intances via 1 server

WebLink
Updated May 29, 2020
asked on May 27, 2020

Hi there,

This is kind of based on this question here but not quite: https://answers.laserfiche.com/questions/61679/Weblink-Instances-with-Public-Portal-Licensing

We have a query from a customer regarding their internal staff needing read only access using their AD credentials. The issue is we are already using 1 public portal weblink license which allows for 25 public users to go through and access this website. The permissions for this has been built up in the company over years and years, at this point changing this is at the minute just isn't an option.

There is now a company need (and I think this is probably true for most customers this size at the minute) to have read access to a larger section of the repository to internal users. 

Obviously because 1 side of the instance is public and the other internal we need a way to seperate these.

I have attached a diagram of how I see this working.

 

My questions are:

 

1) Is it possible to have 2 WebLink instances (licenses / websites) on the same server at one time without touching the original WebLink installation and license.

2) If not; is it possible to change the web login to add an if statement - If it's accessing outside the VPN and internal website then use the public user. If not, go grab the AD user credentials and use that instead.

3) Is there an easier way to access our existing WebLink instance to grab AD users without touching the Public user we have set up to access Weblink just now. Possibly related to Q.2

 

0 0

Answer

SELECTED ANSWER
replied on May 27, 2020

You can "copy" the Weblink virtual directory in IIS and share the license pool between the two sites.  Jason made a nice set of instructions for doing this in What's the "correct" way to create multiple WebLink directories? 

You then set the new copy up to use Windows authentication.  Your users that will access the repository just through WebLink need to be set as "Read Only" so they pull from the WebLink license pool and do not need a named license assigned to them.  You can use a group membership to assign the read only status.

3 0
replied on May 27, 2020

Thanks for this Bert looks exactly what I'm looking for, cheers. 

0 0

Replies

replied on May 27, 2020

The real challenge you are going to run into when you try to put this all on one machine is doing it in a secure way while still being able to use domain authentication. In your proposed diagram, is the server machine on your domain or in a DMZ not on your domain? If it's not on your domain then your internal user's AD credentials will not be recognized, but if it is on your domain then you have external users and attackers being able to directly access a domain machine.

I would recommend moving the WebLink server inside your domain and placing a reverse proxy in your DMZ. This allows you to use AD credentials while not giving external users direct access to a domain machine. Also note that the VPN doesn't come into the solution - your "internal" users would still go through the reverse proxy, and in fact don't need to be connected to the VPN. It would be possible for VPN users to access the WL server directly instead of going through the proxy, but I'm not sure there's a real benefit to that.

1 0
replied on May 27, 2020

If I'm being honest we are quite hands off on customers machines regarding Networking and the DMZ. It sits on the domain just now and they are moving to Azure in the future. We do have a server for Web Apps, would this be the one that would sit in the DMZ (it would be use for Forms and Weblink). Again, we're happy to have another instance of Weblink if licensing permits and sit this on the external facing server and have another Weblink instance on internal. 

0 0
replied on May 29, 2020

You'll want to check with your RM to confirm any licensing questions, but my understanding is that the WebLink license is good for a single installation.

0 0
replied on May 29, 2020

I had a look and the WebLink sits on a DMZ so we're moving to start a test if we get the second site tested as suggested below. Looks like it was set up to be working this way a little while ago so looks like we might have some success on this. Thanks for the help on this one. 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...