
We are looking to implement TAS for MWO onto our App9 system but it’s all getting confusing as to what network settings we need and where the TAS needs to be.

On the diagrams I got from the Exposing to Internet document, it implies that the TAS needs to be inside our network but our tech guys are thinking the TAS should be IN the DMZ, NOT the Intranet?

Has anyone set up TAS on Apps9, and how have you configured your network for best security? We do not want to expose IFS directly to the outside world as it’s secure behind the firewalls.

SHOULD TAS & MWO be in the DMZ? Is that the correct place to put it?

Thanks

Hi @RogerB ,

Have you gone through the below documentation on the Touch Apps Server installation?

http://f1web/f1docproj/apps9sp/Foundation1/010_overview/430_touch_apps/040_touch_app_server/default.htm

Best regards,

Dharshika


Hi @RogerB ,

We use Azure AD for authentication for IFS Application and Touch Apps. We have a reverse proxy set up in the DMZ which forwards calls to the TAS for touch applications and to the IFS Middleware server for accessing the IFS Application. We use a separate FQDN, port and certificate for TAS than we do for accessing IFS Application.

You may wish to review the information located here, which is how to access IFS Application from the Internet. Scroll down and near the bottom is a section about Touch App Server.

https://docs.ifs.com/techdocs/foundation1/010_overview/210_security/090_exposing_to_internet/default.htm

https://docs.ifs.com/techdocs/foundation1/010_overview/210_security/090_exposing_to_internet/examples.htm

IFS recommend the use of a reverse proxy in the DMZ to protect the TAS; the proxy can’t rely on cookies.

Regards,

William Klotz


Thanks for those replies

Dharshika - I had not seen that set of pages specifically but had seen bits. I will review them and see if they help

William - Yes, I had seen that document and that was where the confusion arose. When I showed those examples to our network guys, they were confused by the way our network is set up in comparison to the examples.

We think we would need the last example as it’s more like how we are set up, but why would we need the IFS DB IdP authentication connection?

Does this mean the user on their hand held device has to log on to IFS first, THEN they can connect to the TA server?

Thanks again though for giving me more to think about. 


Thanks again both

I have gone through ALL the documents you suggested and between them and the ones we had already found, I think that they have clarified the firewall/proxy queries we were having with our Tech guys.

Our TAS is in the right place (this time) and we just need to complete the setup of the FQDN/certificate with firewall/proxy rules that connect directly to the TAS, where authentication and MWO traffic can be passed on to IFS Apps.

Fingers crossed we can proceed now and get this working at last. :relaxed:


Hi William,

Just picking up on a point you made here: you use Azure AD for Apps 9?

Thanks

Jon