May 2019 - Blog updated for Track-It! 2018/2019 versions.
I receive this question from users periodically and I hate to start off by saying "It depends", but it does.
This type of setup, while fairly common, is not something to be taken lightly nor something that our Track-It! technical support team has expertise in. Please bear in mind that the things discussed in this article are necessary considerations for any public facing website that must interface with an internal network. These cautions and suggestions are not specific to Track-It! and involve a number of systems and settings that are outside of the context of Track-It! There are many factors involved with setting up this type of scenario and doing so in a way that is appropriate and secure for your environment. The setup will involve important decisions and configurations in your environment which our technical support team will not have knowledge of or be able to answer for you. While they may be able to guide you in best practices and examples of what most people do, they cannot make the decision for you or configure the system for you.
To begin, there are several different ways you can accomplish this task depending on:
- Your technical ability
- The resources you have available at your company/location
- How you want to present this information to users (raw IP address vs. pretty domain name)
- How secure your system needs to be
Things to consider
Generally speaking, this type of setup should not be attempted by someone without experience with these types of configurations as you could potentially expose your network and internal systems to external intruders.
This type of setup normally requires assistance from someone who is experienced with:
- Advanced network security
- Working with a DMZ
- IIS web server setup
- Domain registration
- Domain hosting
- DNS configuration
- Firewall/switch configuration
The process (in a nutshell)
This process can be fairly involved depending on the configuration used. Generally, you would work with someone with IIS Admin experience and network security experience to install Track-It! on a separate IIS Web server placed in a DMZ. That server is given an external IP address so that users out on the internet can access it. It is best practice to also obtain an SSL cert and install it on the web server so that all connections to the Track-It! Web site are performed securely over HTTPS. If you want a nice domain name like mycompany.com/helpdesk then you would need to work with a website domain provider to get that URL/Domain setup and pointed to the public IP address or to add a /helpdesk virtual directory or DNS entry that points to your Track-It! server. The Track-It! server also has to have access to the internal network and the SQL server. This can be done by opening ports, using proxies and other methods that people much smarter than I have come up with and understand how to set up. However you do it, at the end of the day, the Track-It! server needs to have a public IP address, be segregated outside your internal network for security and still have access to the SQL server inside the network.
Once you have this set up, your users should be able to connect to the IP address or URL to get to Track-It! from outside your company network. I know this article has not explained specific setup steps in order to set up this type of configuration but that is on purpose. Something like this should not be set up by someone who does not fully understand network security, the structure of the network and the policies and regulations of your company and/or industry. In the end I hope this information has been helpful.