We need to display a web page on a visio embeded on a shape to display a graph on a dataminer screen, similar to here:https://docs.dataminer.services/user-guide/Basic_Functionality/Visio/linking_shapes/Linking_a_shape_to_a_webpage.html?q=web
However, not all places where the dataminer client is launched has access to the URL used.
Given the dataminer server has network connectivity to the address of the webpage, is it possible to render the webpage from the server side, so the webpage can be viewed by any operator launching the dataminer cube from anyplace within our network? i.e. how would we embed the webpage?
Hi Elvio - Jarno provided an option to display content that you need to put on your DataMiner System. I believe you were maybe asking if you can take an external web page, which is accessible from the DMAs but not from the client stations that typically access DataMiner, and somehow make it accessible in Cube for those client stations. Just in case that this was the question: theoretically this is possible, by setting up the DMAs as a proxy between that web page and those clients, only then that would work. But I believe that this is not recommended. The reason why your clients cannot access that web page is due to the internal set-up and configuration of your networks and where that web page resides and where the clients reside. DataMiner has apparently access / connectivity to both environments. And I'm not a security expert but proxying such as web page via a DataMiner System to the clients to me feels like bypassing / working around the intended IT infrastructure. And the better option is then probably to discuss this with your IT, and see if and what a suitable solution could be, which would not compromise the integrity of the security of the infrastructure.
Thanks Bert for pointing to the technical details about this one, because this was indeed the option that I meant to refer to as a technical solution for the question raised here. The only side note I wanted to make also on this option (again, not sure if it is justified or not as I’m not a security expert), is that this kind of configuration needs to maybe be discussed with the ICT / network team of the organization. Because clearly the environment was designed for the clients not to have access to these web pages, and somehow this changing that, and probably the broader ICT / network / security teams need to be aware of this.
This should indeed be approved by the relevant IT & Security teams because this solution would open your system up to Server Side Request Forgery attacks. The secure solution would be to grant limited/secure access to the clients that need to view the page. A description of SSRF: https://blog.intigriti.com/hackademy/server-side-request-forgery-ssrf/
Thanks for those additional security insights and further recommendations Jens, very valuable.
FYI: it is possible to set up IIS as a reverse proxy using URL Rewrite and ARR.
So, technically you can configure IIS on a DMA so that it will take certain URLs, transform the URLs, fetch the needed webpage, and serve it back to the client.
More info can be found on the internet, e.g.: https://techcommunity.microsoft.com/t5/iis-support-blog/setup-iis-with-url-rewrite-as-a-reverse-proxy-for-real-world/ba-p/846222