Sentinel LDK-EMS Web Portals on Separate Servers

The Sentinel LDK-EMS web front consists of two portals:

> For vendor users

> For customers (primarily used for activation)

These Sentinel LDK-EMS portals are usually installed on a single machine (as described in the previous section). However, you can choose to configure Sentinel LDK-EMS so that each portal and the Sentinel LDK-EMS database are all installed on separate machines.

Each server listens on a TCP port for incoming requests. If SSL is configured, the requests are encrypted. Each server then communicates with the Sentinel LDK-EMS database (a single database for the entire system) to process the requests.

In this section:

>Installing Sentinel LDK-EMS

>Configuring the Firewalls

>Main Points of the Separate Portals Configuration

>Configuration Summary

Installing Sentinel LDK-EMS

1. On one machine, create an SQL database with a user name and password. The user must have SQL sysadmin or dbcreator privileges for this database.
For more information, see Installing and Configuring SQL Server Manually (Optional).

2. For the Vendor portal: On a second machine (or the same machine), run the Sentinel LDK-EMS installation procedure. In the procedure, ensure the following:

a. Select only Sentinel LDK-EMS for installation. It is not necessary to install Vendor Suite.

b. Select the Advanced setup type.

c. In the Sentinel LDK-EMS Database Configuration screen, specify the information for the SQL database you created earlier.

d. Select Use existing database.

The Sentinel LDK-EMS installation procedure is described in Installing Sentinel LDK-EMS on Your Machine.

3. Complete the installation wizard.

Thales recommends that you specify the SSL communication protocol.

4. For the Customer portal: On a separate machine, run the Sentinel LDK-EMS installation procedure again. In the procedure, ensure the following:

a. Select only Sentinel LDK-EMS for installation. It is not necessary to install Vendor Suite.

b. Select the Advanced setup type.

c. In the Sentinel LDK-EMS Database Configuration screen, specify the information for the SQL database you created earlier.

d. Select Use existing database.

5. Complete the installation wizard.

Thales recommends that you specify the SSL communication protocol.
No additional configuration is required.

6. On the Customer portal machine: configure Sentinel LDK-EMS so that the installation can be accessed only using a customer-related URL (requests that are applicable only to the Customer portal). This configuration is a manual process. Contact Thales Professional Services for assistance in performing the required configuration.

Configuring the Firewalls

The external firewall should be configured to accept only requests that are related to the Customer portal. The requests should be forwarded to the instance of Sentinel LDK-EMS Service that acts as the Customer portal. Sentinel LDK-EMS Service then accesses the remote Sentinel LDK-EMS database through the internal firewall.

The Sentinel LDK-EMS Vendor portal and the Sentinel LDK-EMS database can be installed on a single machine or on two separate machines inside the internal firewall.

External access to the Vendor portal should be blocked by the external firewall.

All access to the Sentinel LDK-EMS database and the Vendor portal should be only through the internal firewall.

The diagram that follows shows the configuration described in this section.

Main Points of the Separate Portals Configuration

>End users (customers) and vendor employees access Sentinel LDK-EMS on different application servers.

>Differentiation is by authentication and authorization (access rights).

>External end users can access only the Customer portal of Sentinel LDK-EMS using a selected URL.

>Internal vendor users can access the Vendor portal of Sentinel LDK-EMS.

>The Sentinel LDK-EMS database can be accessed only by the internal network of the vendor.

Configuration Summary

>Deploy Sentinel LDK-EMS Service as a Vendor portal and as a Customer portal on two separate machines.

>Deploy MS SQL Server for the Sentinel LDK-EMS database inside the internal firewall, on a separate machine or on the same machine as the Vendor portal.

>Use two proxies (internal and external).

>Configure the external proxy to allow only the customer URL (the set of URLs exposed only for Customer access), to allow access to the Customer portal.

>Set up Sentinel LDK-EMS Service for the Customer portal to access only the Sentinel LDK-EMS database and only through the internal firewall.

>Place the instance of Sentinel LDK-EMS Service for the Vendor portal inside the internal firewall.

>Place the SQL server behind the internal proxy.

>A Sentinel Master key must be attached to each machine where Sentinel LDK-EMS Service is installed.
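
The reachability rules in "Configuring the Firewalls" and in the summary above can be checked after deployment by probing from each zone. The following Python script is an added example, not part of the Thales documentation or product. The host names and ports (443 for an SSL-enabled portal, 1433 as the MS SQL Server default) are placeholder assumptions; run it once from each vantage point (external network, Customer portal machine, internal network).

```python
import socket
import sys

# Expected reachability per vantage point, taken from the rules on this page.
# True = connection must succeed, False = connection must be blocked.
EXPECTED = {
    "external": {"customer_portal": True, "vendor_portal": False, "database": False},
    "customer_portal": {"vendor_portal": False, "database": True},
    "internal": {"vendor_portal": True, "database": True},
}

# Constructed placeholder endpoints (assumptions): replace with your own hosts.
# 443 assumes SSL was selected in the wizard; 1433 is the MS SQL Server default.
TARGETS = {
    "customer_portal": ("customer-portal.example.com", 443),
    "vendor_portal": ("vendor-portal.example.internal", 443),
    "database": ("ems-db.example.internal", 1433),
}

def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds.

    Name-resolution failures also count as "not reachable", so confirm that
    internal names resolve before trusting a "blocked" result.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(vantage, targets=TARGETS, probe=tcp_open):
    """Run from the named vantage point; return a list of policy violations."""
    violations = []
    for name, should_reach in EXPECTED[vantage].items():
        host, port = targets[name]
        reached = probe(host, port)
        if reached != should_reach:
            want = "reachable" if should_reach else "blocked"
            got = "reachable" if reached else "blocked"
            violations.append(f"{vantage} -> {name} ({host}:{port}): expected {want}, got {got}")
    return violations

if __name__ == "__main__":
    problems = audit(sys.argv[1] if len(sys.argv) > 1 else "external")
    for line in problems:
        print("VIOLATION:", line)
    sys.exit(1 if problems else 0)
```

A TCP check covers the firewall rules only; the restriction of the Customer portal to customer-related URLs is enforced at the proxy and application level and needs a separate HTTP-level check.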