What is necessary to allow user’s outside our firewall to use the CMC, WEBI and create and refresh DESKI reports while maintaing company securiity standards? We have successfully setup B.O. XI 3.0 to run internally on a single server using AD security. We have VLAN in our environment and would like to take advantage of it.
Thanks,
James206
JAMES206 (BOB member since 2005-12-01)
A starting point is to Bind your CMS & FRS ports in the CMC - apply the server host and port numbers instead of auto (check this as i’m runing multiple versions here)
Open the necessary Ports in the firewall:
WEBI Users: Tomcat or IIS port for all users / bi-directional
CMC/Deski: CMS/FRS’s i.e. 6400 thru 6403 for admins and developers
MikeD 
(BOB member since 2002-06-18)
Thank you, Mike D, for responding.
We have a dmz network. It requires that a 2nd server other than the B.O. XI 3.0 application server be on the dmz to host the website that external users login to and then pass through to the app server.
What must be loaded on that dmz internet facing server? Is it just Tomcat/Apache or IIS web hosting software. Or does Business Objects XI need to be at least partially loaded on the dmz server as well?
JAMES206 (BOB member since 2005-12-01)
Hey.
All you need on the server in the DMZ is a web server and the BOXI Web Tier (you can do that bit from a custom install of BOXI). Then as Mike suggests open the firewall ports either side as per the documentation.
I`ve also seen BOXI work ok in a reverse proxy envrionment, if you have one of those…
ABILtd 
(BOB member since 2006-02-08)
That’s great information. Thank you. I was trying to pattern the BOXI installation after our B.O. 5.1 setup which has worked beautifully for about 7 years now but I couldn’t determine what was on the dmz server. The double edged sword of something that runs relatively problem free for a long time is you forget how it was set up and never really need to have those useful discussions about how it works. Thanks again.
JAMES206 (BOB member since 2005-12-01)