When deploying Track-It! help desk software on a public facing web server, there are many considerations that must be taken into account. On one hand, you want to make the system accessible to your help desk technicians in the field but at the same time, you don’t want to expose your network to potential security hacks either. This type of setup is something that our customers with distributed environments do but each implementation comes with its own configurations, considerations and challenges
This type of setup, while fairly common, is not something to be taken lightly nor something that our Track-It! technical support team has expertise in. Please bear in mind that the things discussed in this article are necessary considerations for any public facing website that must interface with an internal network. These cautions and suggestions are not specific to Track-It! Web and involve a number of systems and settings that are outside of the context of Track-It! Web. There are many factors involved with setting up this type of scenario and doing so in a way that is appropriate and secure for your environment. The setup will involve important decisions and configurations in your environment which our technical support team will not have knowledge of or be able to answer for you. While they may be able to guide you in best practices and examples of what most people do, they cannot make the decision for you or configure the system for you.
To begin, there are several different ways you can accomplish this task depending on your technical ability, the resources you have available at your company/location, how you want to present this information to the users (raw IP address vs. pretty domain name) and how secure your system needs to be.
Generally speaking, this type of setup should not be attempted by someone without experience with these types of configurations as you could potentially expose your network and internal systems to external intruders. This type of setup normally requires assistance from someone who is experienced with advanced network security, working with a DMZ, IIS web server setup, domain registration, domain hosting, DNS configuration, Proxies, SSL and firewall/switch configuration. The process can be fairly involved depending on the configuration used.
Normally, working with someone with IIS Admin experience and network security, Track-It! Web is installed on a separate IIS Web server placed in a DMZ. That server is given an external IP address so that users out on the internet can access it. It is best practice to also obtain an SSL cert and install it on the web server so that all connections to the Track-It! Web site are performed securely over HTTPS. If you want a nice domain name like mycompany.com/helpdesk then you would need to work with a website administrator to get that URL/Domain setup and pointed to the public IP address or to add a /helpdesk virtual directory entry that points to your Track-It! Web server. The Track-It! Web server also has to have access to the Track-It! server and to the Track-It! SQL server. This can be done by opening ports, using proxies and other methods that people much smarter than I have come up with and understand how to set up. However you do it, at the end of the day, the Track-It! Web server needs to have a public IP address, be segregated outside your internal network for security and still have access to the SQL and Track-It! servers.
Once you have this set up, your users should be able to connect to the IP address or URL that you have setup in order to get to Track-It! outside your company network. Other things to consider are the Technician/Mobile Web site and the Self Service site. You will need to have two different public links pointing to each of these if you are exposing both applications outside your network.