Hi Dojo, we are planning to open the dashboard gateway to external users by NAT Mapping the dashboard to a public ip/domain name. External users will be able to access the dashboard app via public ip/ or a domain name.
What is the standard practice in terms of security to open this server to public? Appreciate Skyline's recommendation. TQ
Pieter Van Compernolle [SLC] [DevOps Enabler] Selected answer as best 24th May 2023
A few things I'm thinking off:
- In Cube, System Center, Security, limit access for the Dashboards Gateway user to the bare minimum that is really needed.
- Enable HTTPS on the Dashboards Gateway using a certificate signed by a public certificate authority. Disable HTTP, or use HTTP only to redirect GET requests to HTTPS.
- Use SAML for authentication. An identity provider can apply additional security measures than DataMiner, like enforcing 2-step authentication.
- Have DDoS protection like Cloudflare.
- Keep Windows Server up to date, important security updates should be installed asap.
Or use the cloud sharing functionality where all of this is already taking care of (see Ben's answer).
Wim Bruynooghe [SLC] [DevOps Advocate] Answered question 29th March 2023