Configuring firewalls with AR System servers
This section describes the connections required to reach an AR System server through a firewall without using a portmapper. A firewall is a security system that acts as a protective boundary between a network and the outside world.
In the following figure, the BMC mid tier client connects to a specific port of the AR System server. When the user makes a request of the AR System server, the response is returned on the same TCP connection that carried the request. For more information about setting ports, see Setting ports and RPC numbers.
Transmitting through a firewall
To enable these connections through the firewall, the AR System server and the client must be configured to communicate on the proper ports:
- AR System server — The AR System administrator assigns a specific port number in the Server TCP/IP Port box as described in Assigning TCP port numbers to AR System servers.
- Client — In mid tier, the administrator or user configures the server settings on the mid tier configuration page as described in Configuring clients for AR System servers. In BMC Remedy Developer Studio, the administrator configures the Server List accessed from the Login window. This informs the clients of the location on the firewall through which they can connect to AR System servers.
When a firewall or a load balancer exists between clients and the BMC Remedy AR System server, you must set the TCP "keep alive" value properly. The operating system of the AR System server host, not the client, maintains the keep-alive socket. Make sure that the keep-alive value on the firewall or load balancer is at least as long as the largest keep-alive value among the host servers of all BMC Remedy AR System servers connected to the firewall or load balancer.
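One way to check the keep-alive rule above across several server hosts, as an added example that is not part of the BMC documentation. It assumes Linux hosts, where the idle time before the first keep-alive probe is the `net.ipv4.tcp_keepalive_time` sysctl; the host names, values and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not BMC code. Assumes Linux AR System server hosts.

# Print "<hostname> <seconds>" for this host. The directory argument exists
# only so the function can be pointed at a copy of the sysctl tree.
local_keepalive_line() {
    dir="${1:-/proc/sys/net/ipv4}"
    printf '%s %s\n' "$(uname -n)" "$(cat "$dir/tcp_keepalive_time")"
}

# Read "<host> <seconds>" lines on stdin and print the largest value.
# Lines without a numeric second field are ignored.
max_keepalive() {
    awk 'NF >= 2 && $2 ~ /^[0-9]+$/ { if ($2 + 0 > m + 0) m = $2 + 0 }
         END { print m + 0 }'
}

# check_firewall_timeout FW_SECONDS < inventory
# Succeeds when the firewall or load balancer value is at least as long as
# the largest server keep-alive value, which is the rule stated above.
check_firewall_timeout() {
    fw="$1"
    max=$(max_keepalive)
    if [ "$fw" -ge "$max" ]; then
        echo "OK: firewall value ${fw}s >= largest server keep-alive ${max}s"
        return 0
    fi
    echo "FAIL: firewall value ${fw}s < largest server keep-alive ${max}s"
    return 1
}

# Constructed inventory: one line per AR System server host, collected by
# running local_keepalive_line on each host.
sample_inventory() {
    cat <<'EOF'
arserver1 7200
arserver2 900
arserver3 1800
EOF
}

# Demo with a constructed firewall value of 3600 seconds.
sample_inventory | check_firewall_timeout 3600 ||
    echo "Raise the firewall value or lower the server keep-alive value."
```
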