Introduction

This document describes, in general terms, the requirements for internet-facing web applications, like Field Portal, Cloud Portal and Sage Web Screens, that integrate with Sage 300. Some possible security technology alternatives are also discussed.

Technisoft is not a security or network consulting firm; please consult a professional security/network consultant for detailed advice.

All the above-mentioned applications use the Sage 300 SDK and require a full or workstation installation of Sage 300 with optional add-on modules. They connect using the Sage .net Library, which is a wrapper around the Sage 300 COM library.

Web server network access requirements

A server that hosts a web application that integrates to Sage 300 requires access to the following internal network resources:

Sage 300 Shared data file share

SQL Server where the company and system databases are stored

Generally, we recommend that Sage 300 and Service Manager are fully installed on the web server for performance reasons. If they are not, then the following additional access is required:

Sage 300 program files file share

SQL Server access

SQL Server has a simple access requirement and normally only requires that its default port, 1433, is open.

File share access

Microsoft Windows network access is more complicated. As far as Technisoft knows, the only way that a web server can access file share resources on another server is if both are in the same domain and the web site runs under a domain account with rights to the relevant file shares.

This means the following access is required:

Domain controller for user account verification

File share access

We do not know the details of which ports need to be open for this access.
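
The access requirements above can be checked from the web server itself before the site goes live. The following PowerShell script is an added example, not Technisoft or Sage code; the host names and share paths are placeholders to replace with your own, and it must be run as the domain account the web site runs under.

```powershell
# Added example. Run on the web server while logged on as (or via runas for) the
# domain account the web site runs under. Host and share names are placeholders.
param(
    [string]   $SqlServer = 'SQLHOST.example.local',   # placeholder
    [int]      $SqlPort   = 1433,                       # default SQL Server port
    [string[]] $Shares    = @(
        '\\FILEHOST.example.local\SharedData',          # placeholder: Sage 300 shared data
        '\\FILEHOST.example.local\Programs'             # placeholder: program files, if not installed locally
    )
)

$checks = @()

# 1. The server must be a domain member and the account a domain account.
$inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
$account  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$isLocal  = $account -like "$env:COMPUTERNAME\*" -or
            $account -like 'NT AUTHORITY\*' -or
            $account -like 'IIS APPPOOL\*'
$checks += [pscustomobject]@{ Check = 'Server is domain member';   Target = $env:COMPUTERNAME; Passed = [bool]$inDomain }
$checks += [pscustomobject]@{ Check = 'Running as domain account'; Target = $account;          Passed = -not $isLocal }

# 2. SQL Server must be reachable on its TCP port.
$tcp = Test-NetConnection -ComputerName $SqlServer -Port $SqlPort -WarningAction SilentlyContinue
$checks += [pscustomobject]@{ Check = 'SQL Server port open'; Target = "${SqlServer}:$SqlPort"; Passed = $tcp.TcpTestSucceeded }

# 3. Each file share must be listable by this account.
foreach ($share in $Shares) {
    $ok = $false
    try {
        Get-ChildItem -LiteralPath $share -ErrorAction Stop | Out-Null
        $ok = $true
    } catch {
        Write-Verbose "Cannot read ${share}: $($_.Exception.Message)"
    }
    $checks += [pscustomobject]@{ Check = 'File share readable'; Target = $share; Passed = $ok }
}

# Print the results and signal failure to any calling script.
$checks | Format-Table -AutoSize
if ($checks.Passed -contains $false) { exit 1 }
```

Because the script tests the outcome (share readable, SQL port reachable) rather than individual firewall ports, a failed row tells you which requirement the firewall or account configuration is still blocking.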

Internal web server

If the web server is located inside the firewall, then most of the file access issues listed above are taken care of. In that case, you only need to open the firewall for external HTTP traffic on a suitable port to the web server.

Web server in DMZ

If the web server is in a DMZ, then all the above security requirements have to be taken into account.

A professional security/network consultant should be able to advise on suitable firewalls and configuration that will give the increased level of security and at the same time allow the above-mentioned network traffic.

SSL

To encrypt the web traffic from the web server to individual users, SSL certificates must be enabled on the server.

Please see documentation from Microsoft regarding steps required to enable this feature.

Normally SSL certificates come with a yearly cost. An application with a limited audience, like Field Portal and Web Screens, can possibly use a self-created certificate.

The self-created certificate will still provide encryption of the information but not the authentication of the web site.

A public facing web site like Technisoft Cloud Portal should not use a self-created certificate as that will be experienced negatively by users. Also be aware that to take payments the website MUST be configured with an approved SSL certificate.

VPN

For internal web sites like Field Portal and Web Screens, a VPN can be considered, as it extends the internal network over the internet to company devices like laptops, tablets and phones.

It is not suitable for public-facing applications like Technisoft Cloud Portal.

Please contact your security/network consultant for more information about which VPN solutions are suitable for your organisation.