tenover
asked on
Making an ECM (OpenText Content Server 10) available to external parties over the internet
We are running OpenText Content Server 10 in our company. Currently our internal users access via a web interface or with a desktop client. We have a need to give access to a couple outside parties for collaboration. I am trying to find a secure solution to this but am banging my head against the wall.....Here's what I was thinking....Anyone have any suggestions? advice?
- Create a NAT policy on my firewall (SonicWall NSA3500) from one of our public IP to the internal IP of the server.
- Purchase a trusted cert and install on the server(IIS)
- Create local(app) accounts for these people in CS10 with limited access to ONLY the folders they need.
- If these folks are all connecting from just a few IP addresses, I could also limit access based on IP addresses.
Good idea? Bad idea?? We are trying to make this as easy as possible for the outside parties, so the executives really don't want to have to have them install a VPN client....
- Create a NAT policy on my firewall (SonicWall NSA3500) from one of our public IP to the internal IP of the server.
- Purchase a trusted cert and install on the server(IIS)
- Create local(app) accounts for these people in CS10 with limited access to ONLY the folders they need.
- If these folks are all connecting from just a few IP addresses, I could also limit access based on IP addresses.
Good idea? Bad idea?? We are trying to make this as easy as possible for the outside parties, so the executives really don't want to have to have them install a VPN client....
ASKER
That's what I figured. When you say "as long as the IIS server is locked down", do you mean with a secure certificate and no anonymous access, or something more?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Think of using Domains in the Content Server if you do have external contacts and internal. Domains will separate this groups by building a "separate virtual content server" for the external users. Domains are avaliable in 10/10.5 and 16
As long as the IIS server is secured and the user's passwords are strong, you shouldn't have an issue.