Using the External User feature
Moderator: SourceGear
Using the External User feature
Maybe a not so quick question.
Our Dragnet server is sitting inside our network and everyone internally has no problems accessing it what so ever. Now a new requirement has come out to let client's enter their own issues. No problem, if using the External User option.
However, external users cannot access the Dragnet server, since it is deep within our network. Since Dragnet is one big Web Service (quote stolen from another topic i had read here), could we install Vault on a server that is accessable to the outside world and have it use the web service that is hosted on our existing Dragnet server inside our network (assume lots of network configurations has occurred to only allow the external server to access the internal server)? Don't ask why we wouldn't just open up HTTP and port 80 to everyone to access the internal server and not just the external server.
Is this doable through the Dragnet config file? Any other options? I just don't want to move our Dragnet server to where it is accessable to the outside world (call me lazy); I am afraid that we would loose the Vault/Dragnet integration (for both authorization and the check-in feature).
Thanks,
Richard Walden
Our Dragnet server is sitting inside our network and everyone internally has no problems accessing it what so ever. Now a new requirement has come out to let client's enter their own issues. No problem, if using the External User option.
However, external users cannot access the Dragnet server, since it is deep within our network. Since Dragnet is one big Web Service (quote stolen from another topic i had read here), could we install Vault on a server that is accessable to the outside world and have it use the web service that is hosted on our existing Dragnet server inside our network (assume lots of network configurations has occurred to only allow the external server to access the internal server)? Don't ask why we wouldn't just open up HTTP and port 80 to everyone to access the internal server and not just the external server.
Is this doable through the Dragnet config file? Any other options? I just don't want to move our Dragnet server to where it is accessable to the outside world (call me lazy); I am afraid that we would loose the Vault/Dragnet integration (for both authorization and the check-in feature).
Thanks,
Richard Walden
Richard:
There is nothing that states the Vault server and Dragnet Web application need to be installed on the same machine. You can place either piece in a DMZ, outside your firewall, inside your firewall, or on any combination of these machines.
If you do place the server in a place publicly accessible, I would strongly recommend placing the SQL Server back end in a safe, secure location, and then allow traffic from the outside server ( on a known port ) have access to the SQL Server.
Other than that, the only other requirement when using integrated Dragnet/Vault, is the Dragnet Web app be able to hit the Vault Service ( for Vault authentication ), and the Vault Server be able to hit the Dragnet Web service.
It might be easier to answer this question if you provided the scenario you wish to configure. For example :
- Dragnet in DMZ ( since it is to be accessible to the outside world ).
- SQL Server on internal machine.
- Vault Server on internal machine.
From this we should be able to get an insight of your planned configuration.
There is nothing that states the Vault server and Dragnet Web application need to be installed on the same machine. You can place either piece in a DMZ, outside your firewall, inside your firewall, or on any combination of these machines.
If you do place the server in a place publicly accessible, I would strongly recommend placing the SQL Server back end in a safe, secure location, and then allow traffic from the outside server ( on a known port ) have access to the SQL Server.
Other than that, the only other requirement when using integrated Dragnet/Vault, is the Dragnet Web app be able to hit the Vault Service ( for Vault authentication ), and the Vault Server be able to hit the Dragnet Web service.
It might be easier to answer this question if you provided the scenario you wish to configure. For example :
- Dragnet in DMZ ( since it is to be accessible to the outside world ).
- SQL Server on internal machine.
- Vault Server on internal machine.
From this we should be able to get an insight of your planned configuration.
Jeff Clausius
SourceGear
SourceGear
This is what I hope to do:
Dragnet on external server (for external users only)
Dragnet on internal server (for internal users only)
Vault on internal server (for internal users only)
Have Dragnet on external server use the web service on the Dragnet box that is internal to store issues on Sql Server, that is on an internal box.
Dragnet on external server (for external users only)
Dragnet on internal server (for internal users only)
Vault on internal server (for internal users only)
Have Dragnet on external server use the web service on the Dragnet box that is internal to store issues on Sql Server, that is on an internal box.
Well, the external server would really only be used to allow external users to add issues only, like the server/dragnet/External/AddItemExternal.aspx?pid=101 type functionality. From a time perspective, we just don't have the time to build a page to mimic the functionality and consume the webservice functionality. That would be the only use of the external server. Is there no way to just have those pages refer back to the internal web service? Does it always assume that the web service is local to the page?
If you don't mind restarting IIS ( in case project information changes ), I don't think there would be a problem if AddItemExternal was the only functional piece of an "external" Dragnet service. In a case like this it "should" with two servers.rcwalden wrote:Well, the external server would really only be used to allow external users to add issues only, like the server/dragnet/External/AddItemExternal.aspx?pid=101 type functionality.
Now getting back to your question about Vault authentication ( in the other thread ). Just use the internal name Vault name with VaultService postfixed on the end. Since the external Dragnet Web App is only serving AddItemExternal pages, and external users do not authenticate against Vault, everything should take the FQDN to VaultService.
HTH
Jeff Clausius
SourceGear
SourceGear
You wouldn't use the same web service for both servers. You would point to the same database for both dragnet servers. Each Dragnet server would use it's own web service to connect to the database.
Please email me directly and include your phone number in the email (use the link at the bottom). Someone here will call you to discuss what you are wanting to do.
Please email me directly and include your phone number in the email (use the link at the bottom). Someone here will call you to discuss what you are wanting to do.
Mary Jo Skrobul
SourceGear
SourceGear
Mary Jo,
Just to let you, and everyone else know, we did install Dragnet on on two seperate servers, one internal and one external, and had them both point to the same db server and it does appear that all is well with this configuration.
I would, however, would like to put on the wish list, the ability for multiple instances of Dragnet to use a central Dragnet web service. It is much easier to open up port 80 over HTTP then to convience my network guys to open up a TCP port through our firewall between our data center and our internal network.
Thanks for your help.
Richard
Just to let you, and everyone else know, we did install Dragnet on on two seperate servers, one internal and one external, and had them both point to the same db server and it does appear that all is well with this configuration.
I would, however, would like to put on the wish list, the ability for multiple instances of Dragnet to use a central Dragnet web service. It is much easier to open up port 80 over HTTP then to convience my network guys to open up a TCP port through our firewall between our data center and our internal network.
Thanks for your help.
Richard