Security and Authentication for the vFire Officer App
This topic contains instructions for the vFire Officer app, introduced in 9.2. For more information on the vFire app, which supports users from 9.7 and analysts from 9.10.1, see About the vFire App.
Depending on organizational security requirements, the recommended environment and security configurations may differ. The most common security recommendation is to create a demilitarized zone (DMZ) containing a reverse proxy server buffered by firewalls.
Three scenarios involving a DMZ are outlined in this topic and provide recommended configurations based on whether or not Windows Authentication is enabled on the vFire Core system within the secure network.
The app is not compatible with Windows Authentication, and must be configured to use a virtual directory with Anonymous Authentication enabled.
The three scenarios are:
- DMZ contains an Application Server with vFire Core installed. The vFire Core system within the secure network may or may not have Windows Authentication enabled.
- DMZ contains a reverse proxy server. The vFire Core system within the secure network has Windows Authentication disabled.
- DMZ contains a reverse proxy server. The vFire Core system within the secure network has Windows Authentication enabled.
Work with your Network Administration teams to create a DMZ to safely expose connections to your vFire system.
Ports for the vFire Mobile App
Protocol | HTTP | HTTPS | SQL |
---|---|---|---|
Ports | 80 | 443 | 1433, 1434 |
Scenario 1: DMZ with an Application Server
Internal network | The internal server's vFire Core system may or may not have Windows Authentication enabled; it has no effect on this configuration. |
DMZ |
A second application server is configured within the DMZ to act as a reverse proxy server. On this server in the DMZ:
|
URL for Mobile App | The URL for the mobile app points to the server and virtual directory within the DMZ. |
Scenario 2: DMZ with Reverse Proxy Server. Windows Auth Disabled
Internal network | The internal server's vFire Core system does not have Windows Authentication enabled. |
DMZ |
A reverse proxy server is configured within the DMZ. On this server in the DMZ:
|
URL for Mobile App | The URL for the mobile app points to the reverse proxy server and virtual directory within the DMZ. |
Scenario 3: DMZ with Reverse Proxy Server. Windows Auth Enabled
Internal network |
The internal server's vFire Core system has Windows Authentication enabled. vFire Officer Mobile App is not compatible with Windows Authentication and must use a virtual directory with Windows Auth disabled. On the internal server:
|
DMZ |
A reverse proxy server is configured within the DMZ. On this server in the DMZ:
|
URL for Mobile App | The URL for the mobile app points to the reverse proxy server and virtual directory within the DMZ. |
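
The requirement stated above (a virtual directory with Anonymous Authentication enabled and Windows Authentication disabled) can be audited on the server that hosts the directory. The following is an added example, not part of the vFire documentation; it assumes the directory is hosted in IIS with the WebAdministration module available, and the function name, site name and directory name are hypothetical.

```powershell
# Added example: audit the authentication settings of the virtual directory
# that the mobile app connects to.
# Assumptions: IIS with the WebAdministration module; the function name and the
# site and directory names in the sample call are hypothetical placeholders.
Import-Module WebAdministration

function Test-MobileAppVirtualDirectoryAuth {
    param(
        [Parameter(Mandatory)] [string] $SiteName,
        [Parameter(Mandatory)] [string] $VirtualDirectory
    )

    $psPath = "IIS:\Sites\$SiteName\$VirtualDirectory"
    if (-not (Test-Path $psPath)) {
        throw "Virtual directory '$SiteName/$VirtualDirectory' was not found in IIS."
    }

    # Read the effective (merged) state of both authentication providers.
    $base  = '/system.webServer/security/authentication'
    $state = @{}
    foreach ($provider in 'anonymousAuthentication', 'windowsAuthentication') {
        $state[$provider] = (Get-WebConfigurationProperty -PSPath $psPath `
            -Filter "$base/$provider" -Name 'enabled').Value
    }

    # The app needs Anonymous Authentication on and Windows Authentication off.
    [pscustomobject]@{
        Location         = "$SiteName/$VirtualDirectory"
        AnonymousEnabled = $state['anonymousAuthentication']
        WindowsEnabled   = $state['windowsAuthentication']
        MeetsRequirement = ($state['anonymousAuthentication'] -and
                            -not $state['windowsAuthentication'])
    }
}

# Sample call with placeholder names; replace with your own site and directory.
Test-MobileAppVirtualDirectoryAuth -SiteName 'Default Web Site' -VirtualDirectory 'vFireMobile'
```

Run it in an elevated PowerShell session on the server that hosts the virtual directory; a `MeetsRequirement` value of `False` means the directory does not match the configuration this topic requires.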