Standard Production Configuration for Sentinel LDK-EMS

Sentinel LDK-EMS Service and the SQL server for the Sentinel LDK-EMS database are each installed on a separate machine. Sentinel LDK-EMS Service is protected by an external firewall.

In this section:

>Installing Sentinel LDK-EMS

>Configuring the Firewall

>Main Points of the Standard Production Configuration

>Configuration Summary

Installing Sentinel LDK-EMS

1. On one machine, create an SQL database with a user name and password. The user must have SQL sysadmin or dbcreator privileges for this database.
For more information, see Installing and Configuring SQL Server Manually (Optional).

2. On a second machine, run the Sentinel LDK-EMS installation procedure. In the procedure, ensure the following:

a. Select only Sentinel LDK-EMS for installation. It is not necessary to install Vendor Suite.

b. Select the Advanced setup type.

c. In the Sentinel LDK-EMS Database Configuration screen, specify the information for the SQL database you created earlier.

d. Select Use existing database.

The full Sentinel LDK-EMS installation procedure is described in Installing Sentinel LDK-EMS on Your Machine.

3. Complete the installation wizard.

Thales recommends that you specify SSL as the communication protocol.

Configuring the Firewall

An external firewall should be configured to accept requests and to forward only valid requests to Sentinel LDK-EMS.

You can set firewall rules that enable your customers to access Sentinel LDK-EMS but do not allow them to access the SQL database server, as shown in the diagram that follows.

Main Points of the Standard Production Configuration

>End users (customers) and vendor employees have access to a common Application server.

>Differentiation is by authentication and authorization (access rights).

>External end users can access only a selected URL.

>The Sentinel LDK-EMS database can be accessed only by the internal network of the vendor.
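
The firewall behaviour described under Configuring the Firewall and the main points above can be checked against a candidate rule set before it is deployed. The Python sketch below is an added example, not part of the Thales documentation or product; the zone names, ports 443 and 1433, and the `/customer/` and `/vendor/` paths are assumed placeholders, and the rule format is hypothetical.

```python
import posixpath
from collections import namedtuple
from urllib.parse import unquote

# Constructed placeholders: the page names no ports, paths or addresses.
CUSTOMER_PREFIX = "/customer/"   # stands in for the customer URL
VENDOR_PATH = "/vendor/"         # stands in for any non-customer EMS URL
HTTPS, MSSQL = 443, 1433         # assumed listener ports

# zone: "external" | "internal" | "any"; host: "ems" | "sql"; prefix "" = any path
Rule = namedtuple("Rule", "zone host port prefix action")

def under(path, prefix):
    """Prefix match on the percent-decoded path with dot segments resolved."""
    return (posixpath.normpath(unquote(path)) + "/").startswith(prefix)

def decide(rules, zone, host, port, path=""):
    """First matching rule wins; unmatched traffic is denied."""
    for r in rules:
        if (r.zone in (zone, "any") and (r.host, r.port) == (host, port)
                and under(path, r.prefix)):
            return r.action
    return "deny"

# (requirement taken from the page, zone, host, port, path, expected decision)
PROBES = [
    ("customers reach the customer URL", "external", "ems", HTTPS, CUSTOMER_PREFIX + "login", "allow"),
    ("external users get only the customer URL", "external", "ems", HTTPS, VENDOR_PATH, "deny"),
    ("encoded traversal out of the customer URL", "external", "ems", HTTPS, CUSTOMER_PREFIX + "%2e%2e" + VENDOR_PATH, "deny"),
    ("external users cannot reach the SQL server", "external", "sql", MSSQL, "", "deny"),
    ("internal network reaches the database", "internal", "sql", MSSQL, "", "allow"),
    ("vendor employees reach EMS", "internal", "ems", HTTPS, VENDOR_PATH, "allow"),
]

def audit(rules):
    """Return the requirements that the rule set fails to meet."""
    return [name for name, zone, host, port, path, want in PROBES
            if decide(rules, zone, host, port, path) != want]

GOOD = [
    Rule("external", "ems", HTTPS, CUSTOMER_PREFIX, "allow"),
    Rule("internal", "ems", HTTPS, "", "allow"),
    Rule("internal", "sql", MSSQL, "", "allow"),
]
WEAK = [
    Rule("any", "ems", HTTPS, "", "allow"),   # no URL restriction for external users
    Rule("any", "sql", MSSQL, "", "allow"),   # database reachable from outside
]
print(audit(GOOD), audit(WEAK))
```

An empty list from `audit` means the rule set meets every probe; the weak rule set is reported for exposing non-customer URLs and the SQL server to external users.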

Configuration Summary

>Deploy Sentinel LDK-EMS Service and MS SQL Server for the Sentinel LDK-EMS database on two separate machines.

>Use an external firewall. Configure the firewall to allow access only to the customer URL (the set of URLs exposed only for customer access).

>Place the web server (Sentinel LDK-EMS Service with Tomcat) and the SQL Server inside the firewall.

>The Sentinel Master key must be attached to the machine where Sentinel LDK-EMS Service is installed.