2.4 Working With a Firewall

ZENworks Reporting Server works with firewall systems to provide reporting across intranets and the Internet without compromising network security.

This section provides information about how to configure ZENworks Reporting Server in a packet filtering firewall environment. For detailed information about how ZENworks Reporting Server works in other types of firewall environments, see the BusinessObjects Enterprise XI Release 2 Deployment and Configuration Guide.

By default, ZENworks Reporting Server uses dynamically chosen port numbers for communication between components. To enable ZENworks Reporting Server to communicate across a firewall, you must configure its components to use fixed addresses and ports. You must also configure your firewall to allow communication to the services behind the firewall by using these fixed addresses and ports.

The following sections provide detailed information:

2.4.1 Configuring the ZENworks Reporting Servers

You must configure the Central Management Server as well as all the ZENworks Reporting Server Services that are listed under Central Configuration Manager inside the firewall to respond to communication from the application server on a fixed port.

  1. On ZENworks Reporting Server, click the desktop Start menu > Programs > ZENworks Reporting Server > ZENworks Reporting Server > Central Configuration Manager.

  2. Stop the ZENworks Reporting Server Service that is listed in the Central Configuration Manager by doing one of the following:

    • Right-click the ZENworks Reporting Server Service, then click Stop.

    • Select the ZENworks Reporting Server Service, then click the Stop icon on the toolbar.

  3. On the toolbar, click the Properties icon.

    The Properties tab is displayed by default.

  4. In the Command option, append -requestport port_number to the value, where port_number is a valid free port number.

    For example, the command value for Central Management Server is as follows:

    "\\blr-nrm-r1d\C$\Program Files\Novell\ZENworks\share\boe\BusinessObjects Enterprise 11.5\win32_x86\CMS.exe" -service -name blr-nrm-r1d.cms -restart -protocol ssl -ssl_certdir "C:\Program Files\Novell\ZENworks\conf\security" -ssl_mycertificate "server.der" -ssl_trustedcertificate "ca.der" -ssl_mykey "server.key" -ssl_mykey_passphrase "passphrase.txt" -requestport 5601

    Each server under Central Configuration Manager must use a unique port number, and the port number for the Central Management Server must be a value other than 6400.

  5. Click OK.

  6. Restart the server by doing one of the following:

    • Right-click the ZENworks Reporting Server Service, then click Restart.

    • Select the ZENworks Reporting Server Service, then click the Start icon on the toolbar.

  7. Repeat Step 2 through Step 6 for each ZENworks Reporting Server Service that is behind the firewall.

2.4.2 Specifying the Firewall Rules

If there is a firewall between ZENworks Reporting Server and other ZENworks Primary Servers, you must specify the inbound access rules. For more details on how to specify these rules, see the firewall documentation.

We recommend that only the ZENworks Primary Server be allowed to contact ZENworks Reporting Server on port 6400 or on the port specified in Step 4 of Section 2.4.1, Configuring the ZENworks Reporting Servers.

The following table lists the inbound access rules.

Table 2-2 Inbound Access Rules

| Source Device | Port | Destination Device | Port | Action |
|---|---|---|---|---|
| ZENworks Primary Server | Any | ZENworks Reporting Server (CMS) | 6400 | Allow |
| ZENworks Primary Server | Any | ZENworks Reporting Server (CMS) | Port number specified by using -requestport | Allow |
| ZENworks Primary Server | Any | ZENworks Reporting Server (other ZENworks Reporting Server service) | Port number specified by using -requestport | Allow |
| Any machine | Any | ZENworks Reporting Server (CMS) | Any | Reject |
| Any | Any | ZENworks Reporting Server (other ZENworks Reporting Server service) | Any | Reject |
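
The following script is an added example, not part of the product or its documentation. It checks the -requestport values from Section 2.4.1 (present, unique, CMS not on 6400) and builds Table 2-2 as an ordered rule list. The service labels, shortened Command strings, and the `primary` and `workstation` source names are assumptions; only port 5601 is taken from the page.

```python
import re

CMS_DEFAULT_PORT = 6400  # per the page, the CMS -requestport must differ from this

def request_port(command):
    """Extract the -requestport value from a service's Command string."""
    m = re.search(r"(?:^|\s)-requestport\s+(\d+)(?=\s|$)", command)
    return int(m.group(1)) if m else None

def check_ports(commands, cms="cms"):
    """commands maps a service label to its Command string; returns problems found."""
    problems, owner = [], {}
    for name, command in commands.items():
        port = request_port(command)
        if port is None:
            problems.append(f"{name}: no -requestport, port is chosen dynamically")
            continue
        if not 1 <= port <= 65535:
            problems.append(f"{name}: {port} is not a valid port")
        if name == cms and port == CMS_DEFAULT_PORT:
            problems.append(f"{name}: -requestport must not be {CMS_DEFAULT_PORT}")
        if port in owner:
            problems.append(f"{name}: port {port} already used by {owner[port]}")
        owner.setdefault(port, name)
    return problems

def inbound_rules(commands, primary="primary"):
    """Table 2-2 as an ordered list of (source, destination port, action)."""
    ports = [CMS_DEFAULT_PORT] + sorted(
        p for p in map(request_port, commands.values()) if p is not None)
    return [(primary, p, "Allow") for p in ports] + [("any", "any", "Reject")]

def decide(rules, source, port):
    """First matching rule wins, so the Allow rows must precede the Reject row."""
    for rule_source, rule_port, action in rules:
        if rule_source in (source, "any") and rule_port in (port, "any"):
            return action
    return "Reject"

# Constructed sample: shortened Command values; only 5601 comes from the page.
SAMPLE = {
    "cms": '"CMS.exe" -service -name host.cms -restart -protocol ssl -requestport 5601',
    "service_b": '"service_b.exe" -service -name host.b -restart -requestport 5602',
    "service_c": '"service_c.exe" -service -name host.c -restart',
}

if __name__ == "__main__":
    print(check_ports(SAMPLE))
    rules = inbound_rules(SAMPLE)
    print(decide(rules, "primary", 5601), decide(rules, "workstation", 5601))
```

A service reported as having no -requestport still uses a dynamically chosen port, so no Allow row can be written for it and the final Reject row blocks it.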