I installed all roles on the same DLO server (including the edge server), and now we are planning to use BOI. I did some tests, but with port 445 open, I think this is a potential security issue.
Does anyone know how to secure this architecture?
DLO uses File and Print Sharing port 445 to save files on the Network Storage location.
A typical BOI setup would install the Edge Server portion on a separate server that is in the DMZ, and it would communicate with the IO Server inside the network on secure HTTPS Port 443 as well as HTTP Port 90. Port 445 would not be open on the Edge Server externally but only on the internal network.
If using just a Software Firewall you would have to make sure that port 445 is not accessible from outside the network.
This document lists the Port requirements for DLO.
This document is in regards to the BOI Setup and configuration.
Here are some examples of how the DLO Edge Server can be deployed:
• Through NAT (Dynamic or static) configured on the firewall.
• The DLO Edge Server can reside in Demilitarized zone (DMZ).
• Through a Reverse Proxy Server in Demilitarized zone (DMZ) which would redirect all the DLO Agent requests to the DLO Edge Server (residing in the corporate network).
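One way to check the software-firewall point above on a single-server install, as an added example that is not part of the original posts and not vendor code: it lists enabled inbound allow rules in Windows Firewall that cover TCP 445 for any remote address, and with `-Fix` scopes them to internal ranges. The `10.0.0.0/8` range and the `Test-PortInSpec` helper are assumptions made for the example.

```powershell
# Added example: audit Windows Firewall for inbound SMB (TCP 445) rules that
# accept connections from any remote address.
param(
    [string[]]$InternalSubnets = @('10.0.0.0/8'),  # assumed internal range, replace with your own
    [switch]$Fix                                   # without -Fix the script only reports
)

function Test-PortInSpec {
    # True when $Port is covered by a LocalPort spec such as 'Any', '445' or '135-445'.
    # Named specs (for example 'RPC') never match a numeric port here.
    param([string[]]$Spec, [int]$Port)
    foreach ($item in $Spec) {
        if ($item -eq 'Any') { return $true }
        if ($item -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($item -match '^\d+$' -and [int]$item -eq $Port) { return $true }
    }
    return $false
}

$exposed = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -notin 'TCP', 'Any') { continue }
    if (-not (Test-PortInSpec -Spec $port.LocalPort -Port 445)) { continue }

    $addr = $rule | Get-NetFirewallAddressFilter
    # 'Any' means every remote host, including hosts outside the network
    if ($addr.RemoteAddress -contains 'Any') {
        [pscustomobject]@{
            Name          = $rule.Name
            DisplayName   = $rule.DisplayName
            Profile       = $rule.Profile
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
}

$exposed | Format-Table -AutoSize

if ($Fix) {
    foreach ($r in $exposed) {
        # Scope the existing rule to the internal ranges instead of deleting it,
        # so DLO can still reach the Network Storage location over 445 internally.
        Set-NetFirewallRule -Name $r.Name -RemoteAddress $InternalSubnets
    }
}
```

Run it from an elevated prompt and review the report before using `-Fix`, because a flagged rule that allows all ports will be scoped as a whole, not only for 445.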