Kbase P11736: Will Progress explorer and AdminServer work across a VPN?
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
31/12/2008 |
|
Status: Verified
GOAL:
Will Progress Explorer and AdminServer work across a VPN?
GOAL:
Can Progress Explorer connect to an AdminService using SSH?
FACT(s) (Environment):
Progress 9.1x
OpenEdge 10.x
OpenEdge Category: Database
All Supported Operating Systems
FIX:
From the outset:
The AdminServer and Progress Explorer were never intended to be used through firewalls. AdminServer and Progress Explorer communicate through Java RMI calls using anonymous ports, in effect all ports or all anonymous ports in the firewall for a particular specified IP addresses - ie. the IP address of the machine on which the Progress Explorer is running need to be open for effective communications.
AdminServer/Service and Progress Explorer elements use two ports for communication; these two elements use java "unicast" RMI to communicate, and the RMI uses anonymous ports to communicate between the two JVMs on which the Admin Server and the Explorer are running. So the java effectively just grabs the first available port, which is why ssh tunneling solutions are difficult to fit where (say) a tunnel between remote port 20931 and local port 20931 is created, assuming that the Progress Explorer runs on localhost. These RMI ports are quite different from the communications ports between
the Admin Server/Service and the Explorer, this is why we advise that all TCP ports need to be opened up on the firewall. Solutions for ssh tunnelling for java RMI may be found, however this approach would be unsupported.
Another solution is VPN. There are many flavors available, the setup and configuration are out of scope in this Solution.
At the time of writing, technical support has seen customer cases of CISCO's VPN software effectively used for this scenario. As long as there are no issues establishing TCP/IP connections over the VPN, it just provides secure transport and doesn't consider the protocols or content of the encrypted traffic that runs over it. Optionally, VPN can be set up to be more restrictive which may cause further performance issues, but typically VPNs act as unrestricted point-point connections. If there's a firewall between the two endpoints, please re-read the first paragraph above and Progress Solution P3259 below, otherwise there should be no further problems.
In broad strokes:
VPN client >> VPN server >> [Remote Desktop as needed] >> start Progress Explorer
Establish the vpn-connection to the vpn server:
ip: <>
u/p: <name>/<password>
Then connect to the server using remote desktop (as needed):
ip: <of server with Progress Explorer>
u/p: Administrator/administrator