<p>I have seen lots of questions on Forum regarding the issues configuring the Business Objects Enterprise with the Firewall. This is my attempt to provide the some information on the Business Objects Enterprise Servers and there usage in the context of Firewall.</p><p>Before we get into the Scenarios and configurations, Let us understand some facts about the BOE Servers which are related to the Firewall Scenarios.</p><ol><li>While installation we provide the Name Server Port details, this is the only static port assigned to CMS (Name Server) while installation</li><li>All the Other Servers including CMS request port will be assigned with the Dynamic ports</li><li>CMS Server requires two ports to function <ul><li>Name Server Port – The static port provided during installation, This is the port on which CMS Server will listen for the Other Servers in the deployment to get registered with it and also Clients and Web Applications to establish contact with it. And during the installation all the Other Servers will be updated with the details of this NameServer (HOST: <NameServerPort>)</li><li>Request Port – This is the Port on which the Clients/Web Applications will get the response from the CMS for their requests.</li></ul></li><li>There are also Job Servers (Adaptive, Crystal, Desktop Intelligence, Destination, List Of Values and Program) which will require more than one ports and this depends on the Job Server configuration which defines the number of child process this server can run for multi threading</li><li>All Other Servers requires one port and they will be assigned with the Dynamic port by default</li></ol><p>Assuming I have covered all the important and specific behavior of each servers which will have impact on the Firewall configuration, Let’s move forward to the configurations to be done on these servers.</p><p>Assigning the Static Port to CMS Server and Other Server Request Port</p><ul><li>Please note for the CMS NameServer Port is already static assigned during installation</li><li>To assign the static port to CMS/Any Other Server Request Port, Please do the following</li></ul><ol><li>Logon to CMC as administrator. </li><li>Navigate to the “Servers” page. </li><li>Double Click on the Desired Server . </li><li>Under “Common Settings”, one can manage the Server Request port. The port # can be either “Auto Assigned” or a designated. For firewall configuration, you have to designate a port # for the Server Request Port. </li><li>Uncheck the “auto assign” next to “Port” and put the port number to the text box and click on OK. </li><li>Please note that the changes will take effect only after the Server Restart</li></ol><p>Assigning the Static Port to Job Servers: As discussed above the Job Server required multiple ports based on the number of Childs it can invoke, So first step is to identify the required port range for this server and then assign the port range</p><ul><li>To identify the required number of Ports</li></ul><ol><li>Logon to CMC as administrator. </li><li>Navigate to the “Servers” page. </li><li>Double Click on the Adaptive Job Server . </li><li>Below “Common Settings”, one can find the “Maximum Concurrent Jobs” and that is the Port range required for this Job Server</li></ol><ul><li>Assign the Identified Port Range to Job Server</li></ul><ol><li>Same as other servers, apart from you need to mention the lowest and highest port range separated by “-” which counts to the identified number of “Maximum Concurrent Jobs” in the Request Port text box e.x. <lowestport>-<highestport> </li></ol><p>Now, We understand the different kinds of Ports required for BOE Servers and the way to configure them. Let’s move on to the different Scenario Configuration possible in the BOE Deployment with respect to firewall.</p><p>Client – Firewall – BOE Server (BOE Specific)
Web Application Server – Firewall – BOE Servers (BOE Specific)
- In This case it is suggested to have all the Server ports enabled to WAS, as WAS communicates with most of them.
BOE Servers – Firewall – BOE Servers (BOE Specific)
- In This case it is highly suggested to have all the Server ports enabled to interact with each other as most of the servers are inter related and communicates with each other especially All the Servers communicates with CMS, IFRS and OFRS minimum
BOE Servers – Firewall – Database System (CMS Repository / Reporting DB)
* In this case the Database Port has to be enabled for the BOE Servers</li></ul><p>Internet – Firewall – Web/Web Application Server</p><ul><li>As any other applications enabling the Web/Web Application Server port on which BOE is deployed is enough in this case</li></ul><p>Some Other Important Points</p><ul><li>Usually DMZ comes into picture with firewall. In Case the BOE Servers are installed on DMZ, One need to assign the IP address on which these should run.</li><li>None of the BOE Servers initiates the communication outside the firewall with either Client/Web Application Server. </li><li>Please note that the above statement is true for all the scenarios apart from “BOE Servers – Firewall – BOE Servers*”, In this case all the other server except CMS will initiate the communication outside the firewall with CMS Server.
I hope this covers all the required details around the Business Objects Enterprise Deployment in the Firewall environment.