Workshare and Firewalls - Intergraph Smart P&ID - 10.0 - Administration & Configuration - Intergraph

Intergraph Smart P&ID Workshare Configuration and Reference

Language
English
Product
Intergraph Smart P&ID
Search by Category
Administration & Configuration
Smart P&ID Version
10
Smart Engineering Manager Version
11

The following sections discuss the available networking technologies for establishing a connected Workshare collaboration in a firewall environment using either a Demilitarized Zone (DMZ) or Virtual Private Network (VPN) solution. Most corporate network firewalls have the ability to create a DMZ environment. A VPN solution can be implemented using Microsoft Windows® Server 2003; however, there are other hardware- and software-based VPN solutions. Regardless of which firewall environment you configure, Smart Engineering Manager and Smart P&ID use Oracle Net connections to communicate with Oracle databases.

Demilitarized Zone (DMZ)

A DMZ places certain ports on your database server outside the firewall to allow communication over the Internet with other sites. When using a DMZ network implementation, the servers placed outside the firewall can be locked down so that only a single IP address and one port for Oracle communication (port 1521) is allowed to communicate across the Internet to transfer data between the Oracle databases at the host and satellite sites. Communication between the host and satellite sites transfers data only between each other. With the proper firewall rules established, no other IP addresses are allowed on the connection.

In a DMZ environment, the Oracle server must reside outside the company's domain.

Virtual Private Network (VPN)

A VPN can be used to enhance your data protection between sites by using packet encryption to further protect information as it is sent from and received at your network. A VPN can be set up using several different encapsulating protocols (for example, IPSec, L2TP, PPTP, or L2F) that wrap a protective encrypted packet around the data during the transfer between the host and satellite sites. In essence, this creates a virtual Local Area Network (LAN) between the host and satellite locations. Each computer participating in the VPN can be isolated so that no other computers on your corporate LAN are visible to the opposite site.