Skip to main content


 

Symptoms


Dear Support,

In our current environment K2 and all its components including smart form, black pearl are installed on single server on a DMZ network. K2 services are published over internet and K2 integration are established with other systems (DMZ and non DMZ). e.g. AD, Exchange

In order to increase our network security we are planning to move K2 server to a Non DMZ Environment and publish the K2 services using web application firewall.
Our development environment is on non-DMZ however as initially it was suggested that production environment should be on DMZ, we need to check if there is any limitation that may arise on moving it to non DMZ(Intranet) Environment. Also let us know if is a suggested or not suggested topology for K2.

Also we noticed MSMQ and MDTC are required component for K2 so kindly confirm if they done need any specific access on non DMZ



 

Diagnoses


There should be no limitations on having K2 in a non DMZ environment including the DB the K2 uses. and since MSMQ and DTC are cnfigured internally on the k2 server machine there will be no issues for K2.

http://community.k2.com/t5/K2-blackpearl/Firewall-Ports-and-Protocols/td-p/39497

however other solutions and artefacts that communicate with k2 in the new environment is your responsibility.
 

Resolution

There should be no limitations on having K2 in a non DMZ environment including the DB the K2 uses. and since MSMQ and DTC are cnfigured internally on the k2 server machine there will be no issues for K2.

http://community.k2.com/t5/K2-blackpearl/Firewall-Ports-and-Protocols/td-p/39497

however other solutions and artefacts that communicate with k2 in the new environment is your responsibility.




 
Be the first to reply!

Reply