cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Web Console access from Internet

Jump to solution

This is a pre-deployment question for an upcoming installation.

We plan to install SAM, NPM and Engineers Toolset on a dedicated server in our production network.  We want to be able to access the web console from the Internet.  Can we use an additional web service instance in the DMZ that acts as a proxy to the main Solarwinds instance?  We would need secure 443 access (not 80 as described in the Port Requirements for SolarWinds document) and LDAP and certificate authentication to the web console in the DMZ.

Rgds,

Paul

1 Solution
Level 17

Paul, That is a perfect use case for the Additional Web Server. See the 'Segment Deployments' illustration below

Orion Architecture

View solution in original post

9 Replies
Level 17

Paul, That is a perfect use case for the Additional Web Server. See the 'Segment Deployments' illustration below

Orion Architecture

View solution in original post

Level 10

In addition to HolyGuacamole's comment, I'd just want to add that you can definitely do SSL with the site.  See Enabling SSL/HTTPS for Orion Web site and SolarWinds Knowledge Base :: Enabling SSL (https) for Orion Web Console. In terms of user management, you can configure Active Directory integrated access to the site.

Level 16

I had a case running on this to just confirm everything before i configure SSL for my URL. What the support engineer told me is that, i just need to select the right certificate and edit the bindings. He also informed that the KB of updating the DB is not required any more for latest versions.

Has anyone come across this?

Level 14

This is correct.  Everything that you stated above can easily be done and you will not need to update the DB as was stated.  The certificates will need to be installed and the bindings will need to be set as well as deleting the port 80 binding (after you confirm SSL is working).  Or you can configure the redirect.

Level 16

Great..thanks for confirming this.

One more thing... all my scheduled reports and everything will work fine right?

Level 14

Yes.  They will!  The change is only in IIS and not actually the SolarWinds application.  The only changes that would possibly be needed would be if you created custom links to predefined http address.  You would then have to change it to https.  If you use the local help files, you would have to change that setting to https too.

0 Kudos
Level 16

Cool...post change if i do see any abnormal behavior then will write back here..

Thanks again...

Level 10

If you don't include a SAN (EDIT: SAN in the certificate) for the netbios name and you're in an intranet situation (as opposed to browsing always by FQDN), it breaks some alerting link variables in alerts - the acknowledge alert link will have to be rebuilt; I had to modify the link to node URL variable as well.  It can be fixed.  For example:

New Method

<a href=https://<FQDN>/link/Orion/Netperfmon/AckAlert.aspx?AlertDefID=${N=Alerting;M=AlertID}>Link to acknowledge alert</a>

Old Method (that does not work any longer, just for reference)

AlertDefID=${N=Alerting;M=AlertID}>Link to acknowledge alert</a>

Level 16

Thanks for this.. will keep an eye if i come across this,

0 Kudos