Guidelines for Configuring AVEVA Work Tasks in DMZ
Last updated: Jun 06, 2024
Overview
You can set up an Enterprise Console Web Application with an external URL (accessible over an Internet connection) while its content stays on an internal Enterprise Console Web Server (not connected to the Internet) hosted through Internet Information Server (the back end server). This is achieved by sending HTTP requests (client requests) to the Application Request Routing server (the front end server), which in turn routes them internally to the back end server.

A reverse proxy in ASP.Net forwards client requests to the back end server, translates links and headers from the response received to the proxied URL, and then sends the response to the client.
Configuration
To set up this environment, configure the Application Request Routing Front End Server, and the Back End Secured Server as follows:
Configure Enterprise Web Application Proxy Server (Application Request Routing Front End Server)
- Install Internet Information Server Extensions
  - Application Request Routing
  - URL Rewrite
- Configure Website on Application Request Routing Server
  - Setup Application Pool
  - Create Website
  - Enable Authentication to Anonymous
- Configure URL Rewrite
  - Setup Inbound Server
  - Setup Outbound Server
  - Setup Outbound Precondition
Configure Enterprise Console Web Server (Back End Secured Server)
- Setup Website Authentication
- Setup Service Principal Names
Configure Application Request Routing Front End Server
Install Internet Information Server Extensions
The following Internet Information Server (IIS) extensions are prerequisites to configure the application request routing front end server:
- Application Request Routing
- URL Rewrite
Application Request Routing
Application Request Routing is an IIS extension that enables you to increase web application scalability and reliability through rule-based routing. For more information, refer to: https://www.iis.net/downloads/microsoft/application-request-routing.
Note: The latest version of Application Request Routing extension also includes the URL Rewrite extension.
URL Rewrite
URL Rewrite is an IIS extension that enables you to create powerful inbound or outbound rules to implement URLs. This makes it ideal for a reverse proxy, if you only intend to forward the requests. For more information, refer to: https://www.iis.net/downloads/microsoft/url-rewrite.
Configuring Website on Application Request Routing Server
The Application Request Routing Server website is accessible to external users, and therefore must be secured appropriately with firewalls and other security measures.
Create the Application Request Routing Server website as follows:
- Set up an integrated application pool
- Create a website
- Set up website authentication by enabling only Anonymous Authentication
Configuring URL Rewrite
Add reverse proxy rules as follows:
- Inbound Rules: Enter the IP address of the Enterprise Console Web Server
- Outbound Rules: Select Rewrite the domain names of the links in HTTP responses
  - From: Enter the IP address along with the port (8000) of the Enterprise Console Web Server. For example, 10.012.123.45:8000
  - To: Enter the IP address or name of the Enterprise Web Application Proxy Server (Application Request Routing Server). For example, ARRSERVER01
Add outbound pre-conditions as follows:
- Condition Input: RESPONSE_CONTENT_TYPE
- Check if input string: Matches the Pattern
- Pattern: gzip
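The URL Rewrite settings above are stored as a rewrite section in the front end website's web.config, which is the file to review when auditing what the proxy forwards and rewrites. The following is an added example, not taken from the AVEVA documentation, showing that section with the example values used above (10.012.123.45:8000 and ARRSERVER01). The rule and precondition names are made up, and the match patterns, the tag filter and the port in the inbound action are assumptions modelled on what the IIS reverse proxy rule template typically generates.

```xml
<configuration>
  <system.webServer>
    <rewrite>
      <!-- Inbound rule: forward every client request to the back end server.
           Port 8000 is assumed from the outbound "From" value; the inbound
           step above names only the IP address. -->
      <rules>
        <rule name="ExampleReverseProxyInbound" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://10.012.123.45:8000/{R:1}" />
        </rule>
      </rules>
      <outboundRules>
        <!-- Outbound rule: rewrite links in responses so that the internal
             address (From) is replaced by the proxy name (To) and is not
             exposed to external clients. -->
        <rule name="ExampleReverseProxyOutbound"
              preCondition="ExampleOutboundPrecondition">
          <match filterByTags="A, Form, Img"
                 pattern="^http(s)?://10\.012\.123\.45:8000/(.*)" />
          <action type="Rewrite" value="http{R:1}://ARRSERVER01/{R:2}" />
        </rule>
        <!-- Precondition with the values listed above; the outbound rule is
             evaluated only for responses where this condition is true. -->
        <preConditions>
          <preCondition name="ExampleOutboundPrecondition">
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="gzip" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```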
Configure Enterprise Console Web Server
Setup Website Authentication
By default, the Enterprise Console Web Server is set to Windows Authentication. Ensure the authentication has not changed.
Setup Service Principal Names
Set up two service principal names on the Enterprise Console Web Server: the first with the fully qualified system name and the second with the system name. To set up Service Principal Names, run the Command Prompt as an Administrator, and then run the following commands:
First Service Principal Name
SETSPN -S HTTP/<ARR Server Name>.<Fully Qualified Domain Name> <Domain Name>\<User Name>
For example, if the ARR Server Name is ARRSERVER01, the Domain Name is mydomain.com, and the User Name is myusername, then the command is:
SETSPN -S HTTP/ARRSERVER01.mydomain.com mydomain\myusername
Second Service Principal Name
SETSPN -S HTTP/<ARR Server Name> <Domain Name>\<User Name>
For example, if the ARR Server Name is ARRSERVER01, the Domain Name is mydomain.com, and the User Name is myusername, then the command is:
SETSPN -S HTTP/ARRSERVER01 mydomain\myusername