24.4 Setting Up Filr in a DMZ

IMPORTANT: Security is a complex subject and Novell does not attempt to suggest a complete defense solution with this example. Novell recommends that you consult with your security professional to implement Filr in a DMZ.

To provide an additional level of security, you can set up Filr in a DMZ. Consider doing so especially if you plan to allow external users to access the Filr system (as described in Section 6.3, Allowing External Users Access to Your Filr Site). It is most secure to restrict external user access to Filr appliances that are located in the DMZ, rather than allowing external users access to a Filr appliance behind the internal firewall.

The actual data is never stored in the DMZ. It resides behind the internal firewall: on the database and search appliances, on the Windows and OES servers (for your Net Folders), and on a SAN for files in personal storage.

The following graphic illustrates a basic setup with Filr running in a DMZ, including information about the ports that you need to open for the firewalls and for communication between the various servers:

Figure 24-1 Filr in a DMZ

Only traffic destined for the DMZ is allowed through the front-end firewall, and only traffic from the DMZ to the internal network is allowed through the back-end firewall.
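The following is an added example, not part of the Novell documentation: a small audit that checks an exported rule list against the two-firewall policy stated above. The subnets, rule names, and rule format are constructed assumptions; ports are left out because the port list is given in the figure and the Installation and Configuration Guide, not in this text.

```python
import ipaddress

# Constructed addressing for illustration (an assumption, not from the Filr docs).
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.10.0.0/16")

def within(cidr, zone):
    """True only if every address matched by cidr lies inside zone."""
    return ipaddress.ip_network(cidr).subnet_of(zone)

def audit(rules):
    """Return (rule name, reason) for each allow rule that breaks the DMZ policy."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue  # deny rules cannot widen access
        if rule["fw"] == "front" and not within(rule["dst"], DMZ):
            # Front-end firewall: only traffic destined for the DMZ may pass.
            findings.append((rule["name"], "front-end rule reaches beyond the DMZ"))
        elif rule["fw"] == "back":
            # Back-end firewall: only DMZ -> internal traffic may pass.
            if not within(rule["src"], DMZ):
                findings.append((rule["name"], "back-end source is not confined to the DMZ"))
            if not within(rule["dst"], INTERNAL):
                findings.append((rule["name"], "back-end destination is not internal"))
    return findings

# Constructed sample rule set (hypothetical names and hosts).
SAMPLE_RULES = [
    {"name": "F1", "fw": "front", "action": "allow",
     "src": "0.0.0.0/0", "dst": "192.0.2.10/32"},     # external -> DMZ appliance
    {"name": "F2", "fw": "front", "action": "allow",
     "src": "0.0.0.0/0", "dst": "10.10.5.20/32"},     # external -> internal host
    {"name": "B1", "fw": "back", "action": "allow",
     "src": "192.0.2.10/32", "dst": "10.10.5.20/32"}, # DMZ appliance -> internal
    {"name": "B2", "fw": "back", "action": "allow",
     "src": "0.0.0.0/0", "dst": "10.10.0.0/16"},      # any source -> internal
    {"name": "B3", "fw": "back", "action": "deny",
     "src": "0.0.0.0/0", "dst": "0.0.0.0/0"},         # default deny
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_RULES):
        print(f"{name}: {reason}")
```

The check encodes the stated policy literally, so a cluster that also runs Filr appliances behind the internal firewall needs its own zone definitions.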

In a clustered environment, it is also possible for some of the Filr appliances in the cluster to run behind the internal firewall while others run in the DMZ. Doing so can result in performance benefits for internal users. Setting up Filr in this way requires that you use memcached caching. For more information about configuring memcached caching, see Changing Clustering Configuration Settings in the Novell Filr 1.0.1 Installation and Configuration Guide.

For more information about port configuration in Filr, see Port Numbers in Network Configuration in the Novell Filr 1.0.1 Installation and Configuration Guide.

For information about setting up NetIQ Access Manager as a reverse proxy, see Section 22.0, NetIQ Access Manager.

For information about configuring Apache as a load balancer, see Configuring Apache as a Load Balancer in the Novell Filr 1.0.1 Installation and Configuration Guide.