Sample DMZ Environment Configurations - Intergraph Smart P&ID - 10.0 - Administration & Configuration - Intergraph

Intergraph Smart P&ID Workshare Configuration and Reference

Language: English
Product: Intergraph Smart P&ID
Search by Category: Administration & Configuration
Smart P&ID Version: 10
Smart Engineering Manager Version: 11

The following general items should be considered when establishing a DMZ configuration.

  • Use a single network-ready computer with only one assigned IP address. Do not allow any other network connection to a DMZ system (no backdoors).

  • Install and maintain virus scanning software on the NIC system.

  • Load and maintain all current operating system security patches.

  • Load and maintain all current application security patches.

  • Limit access from the Internet node (for example, a satellite site) to allow only the functions needed for Workshare. For example, telnet access is not needed for a system whose function is to be a host database server.

  • Grant full access from internal networks to the computer in the DMZ.

  • Limit access from the computer in the DMZ to the Internet to allow only those functions needed for Workshare.

  • Block access from the computer in the DMZ to internal networks. Open holes from the DMZ to an internal system only for special cases (for example, SQL authorization from a web server in the DMZ to an internal domain controller).
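The access rules in the list above can be checked mechanically against a firewall rule export. The following is an added example, not Intergraph code: the zone names, the `Rule` format and the sample rules are constructed, and port 1521 (the default Oracle listener port) is an assumption for "the functions needed for Workshare".

```python
from dataclasses import dataclass

# Assumption: Workshare traffic is Oracle Net on the default listener port.
WORKSHARE_PORTS = {1521}

@dataclass(frozen=True)
class Rule:
    src: str             # "internet", "dmz" or "lan" (hypothetical zone names)
    dst: str
    port: int            # 0 means any port
    action: str          # "allow" or "deny"
    exception: str = ""  # documented special case for a DMZ-to-LAN hole

def audit(rules):
    """Return (rule, finding) pairs for allow rules that break the guidelines."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.src == "lan" and r.dst == "dmz":
            continue  # internal networks get full access to the DMZ computer
        if r.src == "dmz" and r.dst == "lan":
            # Blocked by default; a hole needs a recorded special case.
            if not r.exception:
                findings.append((r, "DMZ-to-LAN access without a documented special case"))
        elif {r.src, r.dst} == {"internet", "dmz"}:
            # Both directions are limited to what Workshare needs.
            if r.port not in WORKSHARE_PORTS:
                findings.append((r, f"port {r.port or 'any'} is not needed for Workshare"))
    return findings

# Constructed sample ruleset, not taken from a real firewall.
SAMPLE = [
    Rule("lan", "dmz", 0, "allow"),
    Rule("internet", "dmz", 1521, "allow"),
    Rule("internet", "dmz", 23, "allow"),    # telnet to a database host
    Rule("dmz", "internet", 1521, "allow"),
    Rule("dmz", "internet", 0, "allow"),     # unrestricted outbound
    Rule("dmz", "lan", 389, "allow"),        # undocumented hole
    Rule("dmz", "lan", 88, "allow", exception="SQL authorization to domain controller"),
    Rule("dmz", "lan", 0, "deny"),
]

if __name__ == "__main__":
    for rule, finding in audit(SAMPLE):
        print(f"{rule.src}->{rule.dst}:{rule.port or 'any'}  {finding}")
```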

In the configuration below, Smart Engineering Manager and Drawing Manager reside inside the LAN behind the firewall so that domain users and groups can be added to the Roles section in Smart Engineering Manager. This configuration allows domain users to authenticate against the local domain. The DMZ firewall rules must be set up so that the Smart Engineering Manager server on the LAN can access the satellite database and the host database via an Oracle alias for the satellite database. At the satellite site, a database link must be created and pointed to the database at the host. This link allows the satellite database to connect to the host database and subscribe to a satellite slot.

  • In a DMZ environment, the Oracle server must reside outside the company's domain.

  • The only communication between the host and the satellite databases is through the database link. There is no need to create a database alias from any satellite clients to the host.