bverm
Enthusiast
Enthusiast

Configure RSA only for security server and not internally?

Jump to solution

Greetings,

In View Configuration > Servers > Edit View Connection Servers > Authentication you can enable RSA. However, I want to use RSA for people that connect through the security server and not those that connect internally.

Does that mean my only option is to add another View Connection Server and point the Security Server to that Connection Server on which I enable RSA?

If so this isn't necessarily a problem but it would mean I have 3 connection servers and 1 security server for a rather small View environment. :smileysilly:

Ideally I'd loadbalance those aswell which would mean 4 connection servers and 2 security servers. Maybe that's a bit overkill, heh. Smiley Sad

Anybody know of an alternate solution?

Thanks in advance!

0 Kudos
1 Solution

Accepted Solutions
Poort443
Enthusiast
Enthusiast

The way you describe it is the way to do it. The Security Server is always paired with a Connection Server, so no way around it.

View solution in original post

0 Kudos
3 Replies
Poort443
Enthusiast
Enthusiast

The way you describe it is the way to do it. The Security Server is always paired with a Connection Server, so no way around it.

0 Kudos
gunnarb
Expert
Expert

Unfortunately you have stumbled on one of the ugly architectual issues with View. 

If you want to have a different type of security for external users from internal users you have to create a Security Server and a View Connection Server just for hte External Connection.  If you want to load balance the external connection that means you need two Security Servers and two View Connection Servers.  Now I image you'd want to load balance the internal connections as well, so this means another two View Connection Servers.  And this is all based on you having less than 2000 users (which is sounds like you do) but basically to do redundancy for internal and external connections you are talking a minimum of 6 servers.

I know its ugly, hopefully in the future we'll see this get cleaned up so the SS doesn't have to be paired with just one VCS and the VCS coudl operate different based on what IP the client is coming from.  For now, this is the design you have to roll with.


Gunnar

Gunnar Berger http://www.gunnarberger.com http://www.endusercomputing.com
sketchy00
Hot Shot
Hot Shot

I ran into this "ugly architectural issue" as well.  Super small View Pilot Project, and I had to build up 3 of these servers.  A connection and security server paired with eachother for access from the outside, and then a dedicated internal connection server.  Couldn't help but have the feeling that I was going to have more servers supporting the environment than I was going to have for users during this pilot project.