Laserfiche WebLink
Chapter 2 — Networking, Security, and Support Connectivity <br />The following diagram outlines the firewall port configuration to operate those products that require internet <br />access and to provide support access. This diagram is based upon Inform CAD 5.7 and Inform Mobile 5.7. <br />With version 5.7, Inform Browser is integrated with Inform CAD's core business components and its hosting <br />Web Server needs to be on the same domain as that of Inform CAD for OS Authentication when accessing <br />network resources hosted inside the secured network. Starting with version 5.3 Inform Browser is installed with <br />TriTech.Launch. <br />With version 5.7, TriTech recommends placing Microsoft's IIS with the ARR (Application Request Routing) <br />plugin into the DMZ, shown as the ARR Web Server in the following diagram. ARR Web Server functions as <br />the reverse proxy and HTTP/HTTPS network traffic filter for Inform Browser hosted inside the secured CAD <br />network. If needed, ARR Web Server supports end -to -end SSL communication, in addition to the light -weighted <br />SSL offloading. <br />In addition to the ARR Web Server for Inform Browser, TriTech's Inform Relay Server can be installed in the <br />same host to relay TCP/UDP traffics between Inform Mobile Client and Inform Mobile Server. <br />With Inform Browser and Inform Mobile Server installed in the secured CAD network and ARR Web Server and <br />Inform Relay Server installed in the DMZ, there is no longer need to open SQL Server and MSMQ ports <br />between the DMZ and CAD network. <br />There are customers who purchase a second Archiving & Reporting Server to allow other organizations to report <br />on data. Previously this was allowed to be placed in the DMZ. For security reasons TriTech no longer <br />recommends this configuration. There may be customers who need to place this second Archiving & Reporting <br />Server in the DMZ, if that is the case the agencies do so at their own risk and against the recommendation of <br />TriTech. <br />TriTech products operate using the Windows time of the applicable machine. Time synchronization occurs <br />through several components as a part of an Inform CAD — Inform System operating within a Windows network. <br />Windows Active Directory also synchronizes time with computers through the Domain Controller. The system <br />administrator should evaluate system components to ensure that time sync problems do not cause unexpected <br />system behavior. <br />1. Within an Active Directory with Windows time service enabled, Windows will sync workstation and server <br />times to the Domain Controller time. It is recommended that the Domain Controller is synched to desired <br />reliable time source. <br />2. Based upon code within the applications, all Inform CAD interface/business servers and workstations will <br />automatically synchronize their time to the Inform CAD Database Server once every 60 minutes. <br />3. Inform Mobile Clients will get their time from the GPS (AVL). Therefore, it does not require any special <br />configuration. <br />4. Please note: TriTech highly recommends customers utilize a precision time source (i.e., NetClock) and <br />associated software to precision time synchronization. Please consult the installation guides applicable to <br />your chosen time source device. <br />The contents of this material are confidential and proprietary to TriTech Software Systems, Inc. and may not be reproduced, <br />published or disclosed to others without the prior written consent of TriTech Software Systems, Inc. <br />©2015 TriTech Software Systems <br />