cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Portal in DMZ

Former Member

on ‎05-26-2011 3:57 PM

0 Kudos

Dear all,

We want to implement a portal where external customers will login to this portal and so do the employees as ESS is deployed on this one. The portal needs to be external facing portal. We have installed the portal and available on network but need to part of the internet too. What are my options for this? How do configure?

1. Should I use reverse proxy in DMZ?

2. Should I use SAP web dispatcher?

Or 3. Any other option (other then FP)

What is the best practice for this kind of installation?

Your early responce is appreciated.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎05-27-2011 7:44 AM
0 Kudos

Hi Kedar,

I think you should use a reverse proxy instead of Web Dispatcher. I prefer to use Apache for reverse proxy. It is stable, secure and flexiable. You can view my blog about this:

http://netweaverturk.com/2010/08/12/exposing-portal-and-bsp-to-internet-using-web-dispatcher/

http://netweaverturk.com/2010/09/04/exposing-portal-bsp-to-internet-apache-way/

Show replies
Show replies
benjamin_houttuin
Active Contributor
‎05-27-2011 7:56 AM
0 Kudos

I agree with Erhan that Apache Rev Proxy is also a good alternative...

Please be aware that the SAP Webdispatcher is "SAP Cluster Aware" without any extra effort it can load balance over a J2EE and ABAP Cluster (CI + one or more DI's)... What I also have seen at some bigger landscapes is:

Layer 1. Apache Rev Proxy (in DMZ)

Layer 2. SAP Webdispatcher (one per SID, for SAP j2ee/abap Cluster load balancing as mentioned)

Layer 3. SAP Systems Portal(s), ECC, BI, CRM etc etc

Cheers,

B

former_member201257
Active Contributor
‎05-26-2011 5:30 PM
0 Kudos

SAP suggests to use Web Dispatcher and it is pretty straight forward to implement it. However, based on your landscape you can choose from a variety of options like using a Reverse Proxy, external load balancers and software, Web Dispatcher, etc..

The placement of a reverse proxy in the DMZ or Web Dispatcher should be enough and you won't need to place the portal server itself in the DMZ.

There are some good weblogs on SDN on the topic of External Facing portal.

Implementing an External Facing Portal:

http://help.sap.com/saphelp_nw04s/helpdata/en/04/e5b7c3de384515afeafa0dab8e44e0/frameset.htm

Options and strategies to secure an Internet Facing Portal:

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/24396589-0a01-0010-3c8c-ab2e3acf6...

http://wiki.sdn.sap.com/wiki/display/EP/ExternalFacingPortal

http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/44a122f3-0901-0010-b09e-ed4a21441319

http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/30eb732a-2448-2a10-7aa6-8fd0849b6f20

Hope that helps !!

Thanks,

Shanti

Show replies
Show replies
Former Member
‎05-26-2011 5:57 PM
0 Kudos

Thanks Shanti, I have gone through the externel facing portal doc. My only dought was whether a SAP webdispatches in DMZ sufficient or not, Look like it shold work.

former_member201257
Active Contributor
‎05-26-2011 6:04 PM
0 Kudos

The use of a web dispatcher should be good enough.

You will still have to use your Firewall rules as per your company standards and requirements.

Thanks,

Shanti

benjamin_houttuin
Active Contributor
‎05-26-2011 7:25 PM
0 Kudos

I fully agree with Shanti...

One additional note:

If your content in the Portal is rendered on the backend (examples are WD ABAP, BSP, IAC, ITS)... then you should be aware that these backend systems should also be made accessible to the internet.

In the past you should have configured multiple webdispatcher (one for very SID) but now recently this is enhanced by SAP so you can manage this with 1 WebDisp. See the folowing link for more details: http://help.sap.com/saphelp_nw70ehp2/helpdata/en/03/afe24bfeb7419b9172ffb6e7636926/frameset.htm

Cheers,

Benjamin

Ask a Question