Posted to user@ofbiz.apache.org by Adrian Stern <ar...@gmail.com> on 2014/02/28 10:57:18 UTC

Distributed Installation for security reasons

Hi

We want to use ofbiz as our ERP software and also as our E-Commerce
solution. For security reasons it would be a good idea to not install both
of them on the same system.

Is there any documentation about how to install ofbiz in a distributed
manner so we can run E-Comm inside the DMZ while the rest is run inside the
network?

Also is there a way to use ofbiz together with magento?

Regards,
Adrian

Re: Distributed Installation for security reasons

Posted by Jacques Le Roux <ja...@les7arts.com>.
There is no specific documentation for your case.
It's possible to secure OFBiz the way you want. You have to share the DB from both OFBiz instances using entityengine.xml for the setting.
Note though that it would still be possible to compromise your DB from the less secured instance.
I would rather completely secure the whole system, that's not an OFBiz topic...

It's also possible to use Magento as an ecommerce interface (Opentaps has a module for that IIRW) but not OOTB

Jacques

On 03/03/2014 09:59, Adrian Stern wrote:
> Is it safe to take the silence as a "no it is in fact not possible to use
> ofbiz in a distributed manner to avoid security issues"?
>
> Did nobody ever do this?
>
>
> On 28 February 2014 10:57, Adrian Stern <ar...@gmail.com> wrote:
>
>> Hi
>>
>> We want to use ofbiz as our ERP software and also as our E-Commerce
>> solution. For security reasons it would be a good idea to not install both
>> of them on the same system.
>>
>> Is there any documentation about how to install ofbiz in a distributed
>> manner so we can run E-Comm inside the DMZ while the rest is run inside the
>> network?
>>
>> Also is there a way to use ofbiz together with magento?
>>
>> Regards,
>> Adrian
>>

Re: Distributed Installation for security reasons

Posted by Hans Bakker <ma...@antwebsystems.com>.
Nothing is preventing you from having multiple OFBiz systems with different
components enabled accessing the same database.

Regards,
Hans
antwebsystems.com

On 03/03/14 15:59, Adrian Stern wrote:
> Is it safe to take the silence as a "no it is in fact not possible to use
> ofbiz in a distributed manner to avoid security issues"?
>
> Did nobody ever do this?
>
>
> On 28 February 2014 10:57, Adrian Stern <ar...@gmail.com> wrote:
>
>> Hi
>>
>> We want to use ofbiz as our ERP software and also as our E-Commerce
>> solution. For security reasons it would be a good idea to not install both
>> of them on the same system.
>>
>> Is there any documentation about how to install ofbiz in a distributed
>> manner so we can run E-Comm inside the DMZ while the rest is run inside the
>> network?
>>
>> Also is there a way to use ofbiz together with magento?
>>
>> Regards,
>> Adrian
>>


Re: Distributed Installation for security reasons

Posted by Adrian Stern <ar...@gmail.com>.
Is it safe to take the silence as a "no it is in fact not possible to use
ofbiz in a distributed manner to avoid security issues"?

Did nobody ever do this?


On 28 February 2014 10:57, Adrian Stern <ar...@gmail.com> wrote:

> Hi
>
> We want to use ofbiz as our ERP software and also as our E-Commerce
> solution. For security reasons it would be a good idea to not install both
> of them on the same system.
>
> Is there any documentation about how to install ofbiz in a distributed
> manner so we can run E-Comm inside the DMZ while the rest is run inside the
> network?
>
> Also is there a way to use ofbiz together with magento?
>
> Regards,
> Adrian
>

Re: Distributed Installation for security reasons

Posted by Adrian Stern <ar...@gmail.com>.
Thanks for your answer. Today my ofbiz cookbook arrived which has a chapter
about both, security and accessing multiple databases.

Hopefully this helps when the time comes.

Your answer shows a way very similar to what I had in mind. So thanks
again.

Re: Distributed Installation for security reasons

Posted by Rajbir Saini <ra...@yahoo.com>.
Security management is not easy and there is no simple answer to it.
Also, it depends on where you are hosting your sites. Are they in a public
cloud, a public data center, your private cloud or your private data center?

However, I can suggest a typical small setup:

Your firewall at the edge of your LAN and where your WAN terminates
Two or more VLANs (DMZ, office network, database and application server).

Host your web server (Apache web server) in the DMZ VLAN
Host your Application servers (OFBiz) and Database server.

I assume your private network is trusted and you do not need any SSL.
All SSL can be terminated at your web server. Your web server will
communicate with your application servers using a private address range
such as 192.168.x.x

Thanks,

Raj

On Tuesday 04 March 2014 04:09 PM, Adrian Stern wrote:
> Thank you.
>
> Since there are some developers here with experience in E-Commerce, the
> BigFish developers for example, maybe they've some ideas?
>
> @Pierre Smits:
> That's exactly the kind of setup I am looking for. But for me it's unclear
> how the interface between tier 1 and tier 2 should be set up.
> Do I connect them on ofbiz level or on database level?
>
> Would I face any limitations in a setup where there is one DB and a
> different server for each module? Would they still work together normally?
> I think with a well configured database user with not too many access
> privileges, the security would suffice in our scenario.
>
> Anyway. Thanks for the answers. I may try to contact the BigFish guys to
> check if they would share their experiences.
>
> Regards,
> Adrian
>
>
> On 4 March 2014 09:48, Pierre Smits <pi...@gmail.com> wrote:
>
>> In a 3 tier setup with DMZ you would normally put the 1st tier (the web
>> server) in the DMZ with connections to the 2nd tier (OFBiz) in your own
>> network. Of course, for optimal security you would have to have an SSL
>> tunnel between tier 1 and 2.
>>
>> Regards,
>>
>> Pierre Smits
>>
>> *ORRTIZ.COM <http://www.orrtiz.com>*
>> Services & Solutions for Cloud-
>> Based Manufacturing, Professional
>> Services and Retail & Trade
>> http://www.orrtiz.com
>>


Re: Distributed Installation for security reasons

Posted by Adrian Stern <ar...@gmail.com>.
Thanks for clarifying this.

For the record, these are two links with similar topics: (any more would be
appreciated)

http://osdir.com/ml/java.ofbiz.user/2007-08/msg00331.html
http://mail-archives.apache.org/mod_mbox/ofbiz-user/201105.mbox/%3CED04772581D6B147855C49C32D011B3D23D992D5C5@NDA-HCLT-EVS04.HCLT.CORP.HCL.IN%3E

There is also a PDF called OFBizBasicProductionSetup.pdf which seems to
hold some value.


On 4 March 2014 11:48, Pierre Smits <pi...@gmail.com> wrote:

> Adrian,
>
> Tier 1 = webserver, e.g. Apache HTTP or nginx
> Tier 2 = OFBiz
> Tier 3 = db server
>
> So, you would configure the tier 1 server as a proxy and reverse proxy
> server for tier 2. There are enough examples to guide you.
>
> Regards,
>
> Pierre Smits
>
> *ORRTIZ.COM <http://www.orrtiz.com>*
> Services & Solutions for Cloud-
> Based Manufacturing, Professional
> Services and Retail & Trade
> http://www.orrtiz.com
>

Re: Distributed Installation for security reasons

Posted by Pierre Smits <pi...@gmail.com>.
Adrian,

Tier 1 = webserver, e.g. Apache HTTP or nginx
Tier 2 = OFBiz
Tier 3 = db server

So, you would configure the tier 1 server as a proxy and reverse proxy
server for tier 2. There are enough examples to guide you.

Regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com

Re: Distributed Installation for security reasons

Posted by Adrian Stern <ar...@gmail.com>.
Thank you.

Since there are some developers here with experience in E-Commerce, the
BigFish developers for example, maybe they've some ideas?

@Pierre Smits:
That's exactly the kind of setup I am looking for. But for me it's unclear
how the interface between tier 1 and tier 2 should be set up.
Do I connect them on ofbiz level or on database level?

Would I face any limitations in a setup where there is one DB and a
different server for each module? Would they still work together normally?
I think with a well configured database user with not too many access
privileges, the security would suffice in our scenario.

Anyway. Thanks for the answers. I may try to contact the BigFish guys to
check if they would share their experiences.

Regards,
Adrian


On 4 March 2014 09:48, Pierre Smits <pi...@gmail.com> wrote:

> In a 3 tier setup with DMZ you would normally put the 1st tier (the web
> server) in the DMZ with connections to the 2nd tier (OFBiz) in your own
> network. Of course, for optimal security you would have to have an SSL
> tunnel between tier 1 and 2.
>
> Regards,
>
> Pierre Smits
>
> *ORRTIZ.COM <http://www.orrtiz.com>*
> Services & Solutions for Cloud-
> Based Manufacturing, Professional
> Services and Retail & Trade
> http://www.orrtiz.com
>

Re: Distributed Installation for security reasons

Posted by Pierre Smits <pi...@gmail.com>.
In a 3 tier setup with DMZ you would normally put the 1st tier (the web
server) in the DMZ with connections to the 2nd tier (OFBiz) in your own
network. Of course, for optimal security you would have to have an SSL
tunnel between tier 1 and 2.

Regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com
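
The tier 1 reverse proxy and the SSL tunnel between tier 1 and tier 2 described in Pierre Smits' two replies, written out as an added Apache httpd 2.4 example that is not part of the original thread. The host names, certificate paths, backend port 8443 and the /ecommerce mount point are assumptions; adjust them to the actual installation.

```apache
# Tier 1 (DMZ): Apache httpd 2.4 virtual host acting as reverse proxy for
# OFBiz in tier 2. Needs mod_ssl, mod_proxy and mod_proxy_http.
# Assumed values: shop.example.com, ofbiz.internal.example, all file paths,
# backend HTTPS port 8443 and the /ecommerce webapp mount point.
<VirtualHost *:443>
    ServerName shop.example.com

    # TLS towards the Internet
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shop.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/shop.example.com.key

    # Reverse proxy only; forward proxying stays disabled
    ProxyRequests Off

    # TLS between tier 1 and tier 2, with the backend certificate verified
    # against an internal CA and checked for name and expiry.
    # ProxyPreserveHost is left at its default (Off) so the name check is
    # made against the backend host name in the ProxyPass URL.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/ssl/certs/internal-ca.pem
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Forward only the storefront webapp to tier 2
    ProxyPass        /ecommerce https://ofbiz.internal.example:8443/ecommerce
    ProxyPassReverse /ecommerce https://ofbiz.internal.example:8443/ecommerce

    # Every other path, including any back-office webapp, is refused in the DMZ
    <LocationMatch "^/(?!ecommerce(/|$))">
        Require all denied
    </LocationMatch>
</VirtualHost>
```

The firewall between the DMZ and the internal network then only needs to allow the tier 1 host to reach the tier 2 host on the one backend port.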