CMC Imaging‎ > ‎Contact‎ > ‎Help‎ > ‎

Docuware 6.x and the DMZ

posted Jun 27, 2016, 7:48 AM by Craig Williams
It used to be that you could drop Docuware into the DMZ and forward all the requests from the web to Docuware services thru the firewall.

The new architecture of Docuware makes this risky.  The parts of Docuware on the server have direct access to the database server which puts your system at risk.  
So what do you do?

REVERSE PROXY

You may already be familiar with Proxy services where folks INSIDE your network attach to a Proxy server which cloaks and protects your inside network by limiting the INSIDE access from the OUTSIDE.  This technique is the same just in reverse. It protects the INSIDE by limiting the OUTSIDE from getting in.  

IN this case you wil need an IIS Server in the DMZ and you will build a Application Route to the inside of your network, limiting the exposure of Docuware thru Routing.  In Microsoft IIS, this is called Application Request Routing or ARR. Depending on your skill level, reverse proxy is not all that difficult.  

You can find on the Microsoft website help called 

Reverse Proxy with URL Rewrite v2 and Application Request Routing
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

As of 6/2016 version 2 is the most recent version. About a third of the way down there is a section for Configuration/Enabling etc.
In this section you add your INSIDE web server location.
Example:

In your office Docuware is located at :

http://myserver/Docuware/    << this is the address you are going to forward to

This opens access to the service but not the server. Pretty neat, very clean and works very well.  This is HIGHLY recommended from Microsoft not just for Docuware but for ANYONE running direct access objects in the DMZ.




Comments