This type of setup, while fairly common, is not something to be taken lightly nor something that our Track-It! technical support team has expertise in. Please bear in mind that the things discussed in this article are necessary considerations for any public facing website that must interface with an internal network. These cautions and suggestions are not specific to Track-It! and involve a number of systems and settings that are outside of the context of Track-It! There are many factors involved with setting up this type of scenario and doing so in a way that is appropriate and secure for your environment. The setup will involve important decisions and configurations in your environment which our technical support team will not have knowledge of or be able to answer for you. While they may be able to guide you in best practices and examples of what most people do, they cannot make the decision for you or configure the system for you.
To begin, there are several different ways you can accomplish this task depending on:
- Your technical ability
- The resources you have available at your company/location
- How you want to present this information to users (raw IP address vs. pretty domain name)
- How secure your system needs to be
- Working with a DMZ
- IIS web server setup
- Domain registration
- Domain hosting
- DNS configuration
- Firewall/switch configuration
Hide the Server name from the Public facing URL
- Add an Alias for the Web Server in the DNS . For Example the alias name is http//helpdesk.bmc.com . Pointing it to the Web server name not IP address of the server.Create an Alias (CNAME) Record in DNS for WEB1 | Microsoft Docs
- On the Track-It! Application server under the IIS Manager, Select Default site. Then in the middle section of IIS section select 'HTTP Redirect'. Select the option to redirect request and add “/trackit”.
3. Select "Only redirect request to content in this directory (not subdirectories)"
4. Restart IIS service and WWW publishing service.
Assign a Public IP Address to the Web Server in IIS Bindings.
Create and apply an SSL certificate to the Web Server for secure web sessions
Please ask your security team to help if needed – additional detailed information is in the link below
Also as a Technician you can use the Track-It! Mobile App: See Logging in to and logging out of the Track-It! Mobile App - Documentation for Track-It! 20.20 - BMC Documentation
The process (in a nutshell)
This process can be fairly involved depending on the configuration used. Generally, you would work with someone with IIS Admin experience and network security experience to install Track-It! on a separate IIS Web server placed in a DMZ. That server is given an external IP address so that users out on the internet can access it. It is best practice to also obtain an SSL cert and install it on the web server so that all connections to the Track-It! Web site are performed securely over HTTPS. If you want a nice domain name like mycompany.com/helpdesk then you would need to work with a website domain provider to get that URL/Domain setup and pointed to the public IP address or to add a /helpdesk virtual directory or DNS entry that points to your Track-It! server. The Track-It! server also has to have access to the internal network and the SQL server. This can be done by opening ports, using proxies and other methods that people much smarter than I have come up with and understand how to set up. However you do it, at the end of the day, the Track-It! server needs to have a public IP address, be segregated outside your internal network for security and still have access to the SQL server inside the network.
Here is how we have it done at our end.
Once you have this set up, your users should be able to connect to the IP address or URL to get to Track-It! from outside your company network. I know this article has not explained specific setup steps in order to set up this type of configuration but that is on purpose. Something like this should not be set up by someone who does not fully understand network security, the structure of the network and the policies and regulations of your company and/or industry. In the end I hope this information has been helpful.