.NET Production Environment

We are currently developing an ASP.NET application that is interfacing with the mainframe through EntireX RPC to Natural Subprograms. We are trying to plan how the Production Environment should be set up: what needs to be in the DMZ, what needs to be inside the Firewall, access to the mainframe, etc. This will be a secured site with a User Id and Password required.

Would some of you please explain how your production environments are set up? Additional information that would be helpful: Two tier or three tier; do you use a Radius for authentication; IIS server in the DMZ; IIS server inside the Firewall?

Thanks!

If your IIS is in a DMZ (which is common for public, internet applications), you will need a firewall port open to your mainframe IP address and Broker port. If you are primarily working with internal users on the intranet, your IIS would be inside the firewall, on the intranet.

Intranet applications may choose to authenticate directly with Windows authentication and allow the users "anonymous" access to the mainframe services, either by not using EntireX Security or by supplying an application role id (generic id) to authenticate to EntireX Security, similar to what would be done for a public intranet application. An alternative is to not use Windows authentication, but have a logon prompt request the user's mainframe (SAF - RACF, Top Secret or ACF2) userid and password, passing these on the Broker logon to EntireX Security for authentication and authorization to use the EntireX services. Combined with a Natural Security logon (NaturalLogon = true, LOGONRQ=ON), the backend application will see the Natural Security logon id in *USER.

A combination of these may also work, depending on your existing network environment. If the user is already logged into the domain, their Windows authentication can be automatically passed to IIS, perhaps allowing the user general, common access. For more sensitive areas and/or for updates, the SAF logon would ensure that Natural back-end applications know who the user is.

If you have more questions, please elaborate on the environment, type of application and security concerns you are dealing with.

Douglas Kelly,
Principal Consultant
Software AG, Inc
Sacramento, California