Hi Dojo, we are planning to open the dashboard gateway to external users by NAT mapping the dashboard to a public IP/domain name. External users will be able to access the dashboard app via a public IP or a domain name.
What is the standard practice in terms of security to open this server to the public? Appreciate Skyline's recommendation. TQ
Did you consider the other option to make your DataMiner System cloud-connected to enable the live dashboard sharing function? This can be achieved with very little effort, in a matter of an hour so to speak, and it has the advantage that external consumers of the dashboard do not need user credentials for your core DataMiner System. Here's some more information on this service: Sharing a dashboard | DataMiner Docs
A few things I'm thinking of:
- In Cube, System Center, Security, limit access for the Dashboards Gateway user to the bare minimum that is really needed.
- Enable HTTPS on the Dashboards Gateway using a certificate signed by a public certificate authority. Disable HTTP, or use HTTP only to redirect GET requests to HTTPS.
- Use SAML for authentication. An identity provider can apply more security measures than DataMiner, like enforcing 2-step authentication.
- Have DDoS protection like Cloudflare.
- Keep Windows Server up to date; important security updates should be installed ASAP.
Or use the cloud sharing functionality where all of this is already taken care of (see Ben's answer).
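
To verify the HTTP/HTTPS item in the list above from outside the network, the following added example (not part of the original answer and not Skyline code) sends a GET and a POST over plain HTTP and checks that port 80 is either closed or only redirects GET to HTTPS on the same host. The host name passed on the command line, the `judge` and `probe` helper names, and the strict refusal of non-GET methods are assumptions made for this example.

```python
import http.client
import socket
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def judge(method, status, location, host):
    """Return (ok, reason) for one response received over plain HTTP.

    status=None means no connection could be made (port closed or filtered).
    """
    if status is None:
        return True, "HTTP disabled"
    if method == "GET":
        if status not in REDIRECTS:
            return False, f"GET answered with {status} over plain HTTP"
        target = urlsplit(location or "")
        if target.scheme != "https":
            return False, "redirect does not point to https"
        if target.hostname != host.lower():
            return False, f"redirect leaves host: {target.hostname}"
        return True, "GET redirected to HTTPS"
    # Any other method: HTTP is meant for redirecting GET only.
    if 400 <= status < 600:
        return True, f"{method} refused with {status}"
    return False, f"{method} got {status} over plain HTTP"

def probe(host, path="/", port=80, timeout=5):
    """Send GET and POST over plain HTTP and judge each response."""
    results = {}
    for method in ("GET", "POST"):
        try:
            conn = http.client.HTTPConnection(host, port, timeout=timeout)
            conn.request(method, path, body=b"" if method == "POST" else None)
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
            conn.close()
        except (ConnectionRefusedError, socket.timeout):
            status, location = None, None
        results[method] = judge(method, status, location, host)
    return results

if __name__ == "__main__":
    import sys
    for method, (ok, reason) in probe(sys.argv[1]).items():
        print(f"{'PASS' if ok else 'FAIL'} {method}: {reason}")
```

Run it from a machine outside the NAT, passing the public domain name as the only argument, so the result reflects what external users actually reach.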