Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Secure Gateway

12 posts in General Discussion Last posting was on 2006-10-24 18:59:16.0Z
Owen32 Posted on 2006-08-07 15:33:08.0Z
From: "Owen32" <owen@helix.mgh.harvard.edu>
Newsgroups: ianywhere.public.mbusinessanywhere.general
Subject: Secure Gateway
Lines: 6
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-RFC2646: Format=Flowed; Original
X-Original-NNTP-Posting-Host: owen32.mgh.harvard.edu
Message-ID: <44d75b1b$1@forums-2-dub>
X-Original-Trace: 7 Aug 2006 08:24:11 -0700, owen32.mgh.harvard.edu
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 7 Aug 2006 08:24:12 -0800, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 7 Aug 2006 08:33:08 -0700
X-Trace: forums-1-dub 1154964788 10.22.108.75 (7 Aug 2006 08:33:08 -0700)
X-Original-Trace: 7 Aug 2006 08:33:08 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:897
Article PK: 9136

Hello All - does anyone install m-business in a 'secure gatway' type model,
i.e. the 'listening' server is in a DMZ as a proxy to the actual m-biz
server in the main network? - - is there documentation or a process muck
like the secure gateway model available for Pylon AnyWhere? - chris o.


Dietrich Posted on 2006-08-08 19:12:01.0Z
From: Dietrich <Dietrich@iA.de>
User-Agent: Thunderbird 1.5.0.5 (Macintosh/20060719)
MIME-Version: 1.0
Newsgroups: ianywhere.public.mbusinessanywhere.general
Subject: Re: Secure Gateway
References: <44d75b1b$1@forums-2-dub>
In-Reply-To: <44d75b1b$1@forums-2-dub>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-Original-NNTP-Posting-Host: p5086e371.dip.t-dialin.net
Message-ID: <44d8dfe1$1@forums-2-dub>
X-Original-Trace: 8 Aug 2006 12:02:57 -0700, p5086e371.dip.t-dialin.net
Lines: 13
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 8 Aug 2006 12:02:59 -0800, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 8 Aug 2006 12:12:01 -0700
X-Trace: forums-1-dub 1155064321 10.22.108.75 (8 Aug 2006 12:12:01 -0700)
X-Original-Trace: 8 Aug 2006 12:12:01 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:898
Article PK: 9139

Hi,

check out if an Apache server in Reverse-Proxy mode could do the job.

dietrich

Owen32 schrieb:

> Hello All - does anyone install m-business in a 'secure gatway' type model,
> i.e. the 'listening' server is in a DMZ as a proxy to the actual m-biz
> server in the main network? - - is there documentation or a process muck
> like the secure gateway model available for Pylon AnyWhere? - chris o.
>
>


Greg Fenton Posted on 2006-08-10 14:04:58.0Z
From: Greg Fenton <greg.fenton_nospam_@googles-mail-site.com>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: ianywhere.public.mbusinessanywhere.general
Subject: Re: Secure Gateway
References: <44d75b1b$1@forums-2-dub> <44d8dfe1$1@forums-2-dub>
In-Reply-To: <44d8dfe1$1@forums-2-dub>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-Original-NNTP-Posting-Host: cpe00096b10fe8a-cm000f212f9e50.cpe.net.cable.rogers.com
Message-ID: <44db3adc$1@forums-2-dub>
X-Original-Trace: 10 Aug 2006 06:55:40 -0700, cpe00096b10fe8a-cm000f212f9e50.cpe.net.cable.rogers.com
Lines: 13
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 10 Aug 2006 06:55:42 -0800, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 10 Aug 2006 07:04:58 -0700
X-Trace: forums-1-dub 1155218698 10.22.108.75 (10 Aug 2006 07:04:58 -0700)
X-Original-Trace: 10 Aug 2006 07:04:58 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:899
Article PK: 9137


Dietrich wrote:
>
> check out if an Apache server in Reverse-Proxy mode could do the job.
>

Not 100% positive on this, but I do not believe this will work. There
is an m-Business reverse proxy server available, but from what I
remember you need to work with iAnywhere to get it.

g.f
--
Greg Fenton
Some Random Dude


Peter Gibbons Posted on 2006-08-17 03:13:56.0Z
Reply-To: "Peter Gibbons" <pgibbons@initech.com>
From: "Peter Gibbons" <pgibbons@initech.com>
Newsgroups: ianywhere.public.mbusinessanywhere.general
References: <44d75b1b$1@forums-2-dub> <44d8dfe1$1@forums-2-dub> <44db3adc$1@forums-2-dub>
Subject: Re: Secure Gateway
Lines: 29
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1807
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807
X-Original-NNTP-Posting-Host: surfwc054.sybase.com
Message-ID: <44e3dca3$1@forums-2-dub>
X-Original-Trace: 16 Aug 2006 20:04:03 -0700, surfwc054.sybase.com
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 16 Aug 2006 20:04:06 -0800, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 16 Aug 2006 20:13:56 -0700
X-Trace: forums-1-dub 1155784436 10.22.108.75 (16 Aug 2006 20:13:56 -0700)
X-Original-Trace: 16 Aug 2006 20:13:56 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:906
Article PK: 17830

M-Biz can sit behind commercial proxy servers so long as you aren't
synchronizing securely. If you are synchronizing securely you will need the
proxy server Greg mentioned.

M-Biz does not have a "secure gateway" service/server like Pylon Anywhere
that ships with the product.

--
Peter

"Yeah. The coversheet. I know, I know."

"Greg Fenton" <greg.fenton_nospam_@googles-mail-site.com> wrote in message
news:44db3adc$1@forums-2-dub...
> Dietrich wrote:
> >
> > check out if an Apache server in Reverse-Proxy mode could do the job.
> >
>
> Not 100% positive on this, but I do not believe this will work. There
> is an m-Business reverse proxy server available, but from what I
> remember you need to work with iAnywhere to get it.
>
> g.f
> --
> Greg Fenton
> Some Random Dude


Owen32 Posted on 2006-08-17 16:44:57.0Z
From: "Owen32" <owen@helix.mgh.harvard.edu>
Newsgroups: ianywhere.public.mbusinessanywhere.general
References: <44d75b1b$1@forums-2-dub> <44d8dfe1$1@forums-2-dub> <44db3adc$1@forums-2-dub> <44e3dca3$1@forums-2-dub>
Subject: Re: Secure Gateway
Lines: 52
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Original
NNTP-Posting-Host: owen32.mgh.harvard.edu
X-Original-NNTP-Posting-Host: owen32.mgh.harvard.edu
Message-ID: <44e49d09$1@forums-1-dub>
Date: 17 Aug 2006 09:44:57 -0700
X-Trace: forums-1-dub 1155833097 132.183.173.227 (17 Aug 2006 09:44:57 -0700)
X-Original-Trace: 17 Aug 2006 09:44:57 -0700, owen32.mgh.harvard.edu
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:909
Article PK: 17832

Hello - yes, Ali @ Sybase support just called back on a submitted case on
this request with info on a solution(s) - basically:

1) - as you indicate, a reverse-proxy in front will work but only if the
sync is not encrypted - in this case this defeats the purpose of trying to
increase security with a 'secure gateway' like configuration -

2) - iAny Professional Services has a custom mod for apache that run as a
reverse-proxy and supports encrypted sync for a DMZ deployment like the
Pylon AnyWhere Secure Gateway - as you indicate, this solution is not
routinely available as part of the M-Business product (???) -

- hopefully, I'm now in the Q with Professional Services to get more
detailed info and possible the parts needed to run a more secure gateway -

chris o.

"Peter Gibbons" <pgibbons@initech.com> wrote in message
news:44e3dca3$1@forums-2-dub...
> M-Biz can sit behind commercial proxy servers so long as you aren't
> synchronizing securely. If you are synchronizing securely you will need
> the
> proxy server Greg mentioned.
>
> M-Biz does not have a "secure gateway" service/server like Pylon Anywhere
> that ships with the product.
>
> --
> Peter
>
> "Yeah. The coversheet. I know, I know."
>
> "Greg Fenton" <greg.fenton_nospam_@googles-mail-site.com> wrote in message
> news:44db3adc$1@forums-2-dub...
>> Dietrich wrote:
>> >
>> > check out if an Apache server in Reverse-Proxy mode could do the job.
>> >
>>
>> Not 100% positive on this, but I do not believe this will work. There
>> is an m-Business reverse proxy server available, but from what I
>> remember you need to work with iAnywhere to get it.
>>
>> g.f
>> --
>> Greg Fenton
>> Some Random Dude
>
>


Owen32 Posted on 2006-10-20 19:01:13.0Z
From: "Owen32" <owen@helix.mgh.harvard.edu>
Newsgroups: ianywhere.public.mbusinessanywhere.general
References: <44d75b1b$1@forums-2-dub> <44d8dfe1$1@forums-2-dub> <44db3adc$1@forums-2-dub> <44e3dca3$1@forums-2-dub> <44e49d09$1@forums-1-dub>
Subject: Re: Secure Gateway
Lines: 83
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Response
NNTP-Posting-Host: owen32.mgh.harvard.edu
X-Original-NNTP-Posting-Host: owen32.mgh.harvard.edu
Message-ID: <45391cf9@forums-1-dub>
Date: 20 Oct 2006 12:01:13 -0700
X-Trace: forums-1-dub 1161370873 132.183.173.227 (20 Oct 2006 12:01:13 -0700)
X-Original-Trace: 20 Oct 2006 12:01:13 -0700, owen32.mgh.harvard.edu
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:943
Article PK: 9157

Hello All - just an update - I finaly did get a contact through Professional
Services - it seems there is indeed a secure gateway solution on the shelf -
in fact, Greg F. is probably the only one that has ever used this custom
secure gateway program (I'm told) and '...no one else...' has ever asked for
a DMZ-secure-gateway configuration - i.e. there is no demand for a more
secure system -

- I'm told that SG appears to have been written for a linux box and that it
would take some time to dust it off and compile it, test it etc and then
there is the issue of making it work as an apache mod on a windows system -

- unfortunately, $$$$ is the issue - so this is not a solution for me -

- my enterprise IS security group is pushing me to move my m-business server
into a vDMZ configuration - from there there are no plans to allow access
into the internal network - this essentially kills any use of m-business to
access content behind the internal firewalls -

- any one have suggestions? -

iNTERNET--> FIREWALL --> vDMZ & M-business server --> FIREWALL ---> internal
resources

thanks, chris o.

"Owen32" <owen@helix.mgh.harvard.edu> wrote in message
news:44e49d09$1@forums-1-dub...
> Hello - yes, Ali @ Sybase support just called back on a submitted case on
> this request with info on a solution(s) - basically:
>
> 1) - as you indicate, a reverse-proxy in front will work but only if the
> sync is not encrypted - in this case this defeats the purpose of trying to
> increase security with a 'secure gateway' like configuration -
>
> 2) - iAny Professional Services has a custom mod for apache that run as a
> reverse-proxy and supports encrypted sync for a DMZ deployment like the
> Pylon AnyWhere Secure Gateway - as you indicate, this solution is not
> routinely available as part of the M-Business product (???) -
>
> - hopefully, I'm now in the Q with Professional Services to get more
> detailed info and possible the parts needed to run a more secure gateway -
>
> chris o.
>
>
> "Peter Gibbons" <pgibbons@initech.com> wrote in message
> news:44e3dca3$1@forums-2-dub...
>> M-Biz can sit behind commercial proxy servers so long as you aren't
>> synchronizing securely. If you are synchronizing securely you will need
>> the
>> proxy server Greg mentioned.
>>
>> M-Biz does not have a "secure gateway" service/server like Pylon Anywhere
>> that ships with the product.
>>
>> --
>> Peter
>>
>> "Yeah. The coversheet. I know, I know."
>>
>> "Greg Fenton" <greg.fenton_nospam_@googles-mail-site.com> wrote in
>> message
>> news:44db3adc$1@forums-2-dub...
>>> Dietrich wrote:
>>> >
>>> > check out if an Apache server in Reverse-Proxy mode could do the job.
>>> >
>>>
>>> Not 100% positive on this, but I do not believe this will work. There
>>> is an m-Business reverse proxy server available, but from what I
>>> remember you need to work with iAnywhere to get it.
>>>
>>> g.f
>>> --
>>> Greg Fenton
>>> Some Random Dude
>>
>>
>
>


Peter Gibbons Posted on 2006-10-20 20:57:32.0Z
Reply-To: "Peter Gibbons" <pgibbons@initech.com>
From: "Peter Gibbons" <pgibbons@initech.com>
Newsgroups: ianywhere.public.mbusinessanywhere.general
References: <44d75b1b$1@forums-2-dub> <44d8dfe1$1@forums-2-dub> <44db3adc$1@forums-2-dub> <44e3dca3$1@forums-2-dub> <44e49d09$1@forums-1-dub> <45391cf9@forums-1-dub>
Subject: Re: Secure Gateway
Lines: 104
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Response
NNTP-Posting-Host: surfwc054.sybase.com
X-Original-NNTP-Posting-Host: surfwc054.sybase.com
Message-ID: <4539383c@forums-1-dub>
Date: 20 Oct 2006 13:57:32 -0700
X-Trace: forums-1-dub 1161377852 192.138.150.54 (20 Oct 2006 13:57:32 -0700)
X-Original-Trace: 20 Oct 2006 13:57:32 -0700, surfwc054.sybase.com
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:945
Article PK: 9153

Are they strictly forbidding any connections to the internal network? If
not, why not just put a reverse proxy behind the M-Business Server?

Internet -> Outer Firewall -> DMZ (MBA) -> Reverse Proxy -> Inner
Firewall -> Internal Network

You could then lock down the reverse proxy server to deny requests from
anyone but the MBA server.

--
Peter

"Yeah. The coversheet. I know, I know."

"Owen32" <owen@helix.mgh.harvard.edu> wrote in message
news:45391cf9@forums-1-dub...
> Hello All - just an update - I finaly did get a contact through
> Professional Services - it seems there is indeed a secure gateway solution
> on the shelf - in fact, Greg F. is probably the only one that has ever
> used this custom secure gateway program (I'm told) and '...no one else...'
> has ever asked for a DMZ-secure-gateway configuration - i.e. there is no
> demand for a more secure system -
>
> - I'm told that SG appears to have been written for a linux box and that
> it would take some time to dust it off and compile it, test it etc and
> then there is the issue of making it work as an apache mod on a windows
> system -
>
> - unfortunately, $$$$ is the issue - so this is not a solution for me -
>
> - my enterprise IS security group is pushing me to move my m-business
> server into a vDMZ configuration - from there there are no plans to allow
> access into the internal network - this essentially kills any use of
> m-business to access content behind the internal firewalls -
>
> - any one have suggestions? -
>
> iNTERNET--> FIREWALL --> vDMZ & M-business server --> FIREWALL --->
> internal resources
>
> thanks, chris o.
>
>
> "Owen32" <owen@helix.mgh.harvard.edu> wrote in message
> news:44e49d09$1@forums-1-dub...
>> Hello - yes, Ali @ Sybase support just called back on a submitted case on
>> this request with info on a solution(s) - basically:
>>
>> 1) - as you indicate, a reverse-proxy in front will work but only if the
>> sync is not encrypted - in this case this defeats the purpose of trying
>> to increase security with a 'secure gateway' like configuration -
>>
>> 2) - iAny Professional Services has a custom mod for apache that run as a
>> reverse-proxy and supports encrypted sync for a DMZ deployment like the
>> Pylon AnyWhere Secure Gateway - as you indicate, this solution is not
>> routinely available as part of the M-Business product (???) -
>>
>> - hopefully, I'm now in the Q with Professional Services to get more
>> detailed info and possible the parts needed to run a more secure
>> gateway -
>>
>> chris o.
>>
>>
>> "Peter Gibbons" <pgibbons@initech.com> wrote in message
>> news:44e3dca3$1@forums-2-dub...
>>> M-Biz can sit behind commercial proxy servers so long as you aren't
>>> synchronizing securely. If you are synchronizing securely you will need
>>> the
>>> proxy server Greg mentioned.
>>>
>>> M-Biz does not have a "secure gateway" service/server like Pylon
>>> Anywhere
>>> that ships with the product.
>>>
>>> --
>>> Peter
>>>
>>> "Yeah. The coversheet. I know, I know."
>>>
>>> "Greg Fenton" <greg.fenton_nospam_@googles-mail-site.com> wrote in
>>> message
>>> news:44db3adc$1@forums-2-dub...
>>>> Dietrich wrote:
>>>> >
>>>> > check out if an Apache server in Reverse-Proxy mode could do the job.
>>>> >
>>>>
>>>> Not 100% positive on this, but I do not believe this will work. There
>>>> is an m-Business reverse proxy server available, but from what I
>>>> remember you need to work with iAnywhere to get it.
>>>>
>>>> g.f
>>>> --
>>>> Greg Fenton
>>>> Some Random Dude
>>>
>>>
>>
>>
>
>


Owen32 Posted on 2006-10-22 23:51:30.0Z
From: "Owen32" <owen@helix.mgh.harvard.edu>
Newsgroups: ianywhere.public.mbusinessanywhere.general
References: <44d75b1b$1@forums-2-dub> <44d8dfe1$1@forums-2-dub> <44db3adc$1@forums-2-dub> <44e3dca3$1@forums-2-dub> <44e49d09$1@forums-1-dub> <45391cf9@forums-1-dub> <4539383c@forums-1-dub>
Subject: Re: Secure Gateway
Lines: 129
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Response
NNTP-Posting-Host: c-66-30-253-57.hsd1.ma.comcast.net
X-Original-NNTP-Posting-Host: c-66-30-253-57.hsd1.ma.comcast.net
Message-ID: <453c0402$1@forums-1-dub>
Date: 22 Oct 2006 16:51:30 -0700
X-Trace: forums-1-dub 1161561090 66.30.253.57 (22 Oct 2006 16:51:30 -0700)
X-Original-Trace: 22 Oct 2006 16:51:30 -0700, c-66-30-253-57.hsd1.ma.comcast.net
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:947
Article PK: 9155

- technically, yes, they will not allow connections from the vDMZ into the
internal net - that is the Enterprise security model - of course the
Enterprise IS group makes exceptions for their systems but not departmental
systems -

- in any case, I'm told that with 'secure connections' required for M-Biz
(which is what I've setup), that a generic reverse-proxy system will not
work -

- the system that Greg F. built (? while at Sybase) this does work, but
Sybase does not offer it as a general solution for M-Biz systems -

- a similar version of a secure gateway is packaged with iAnyWhere Pylon
(http://www.ianywhere.com/developer/product_manuals/pylon_anywhere/70/en/pdf/securegatewaygdeen.pdf)
which I'm in process of implementing for my Pylon users -

- again, Sybase Professional Services says there is no demand for a 'secure
gateway' model for m-Biz (???) -

"Peter Gibbons" <pgibbons@initech.com> wrote in message
news:4539383c@forums-1-dub...
> Are they strictly forbidding any connections to the internal network? If
> not, why not just put a reverse proxy behind the M-Business Server?
>
> Internet -> Outer Firewall -> DMZ (MBA) -> Reverse Proxy -> Inner
> Firewall -> Internal Network
>
> You could then lock down the reverse proxy server to deny requests from
> anyone but the MBA server.
>
> --
> Peter
>
> "Yeah. The coversheet. I know, I know."
>
> "Owen32" <owen@helix.mgh.harvard.edu> wrote in message
> news:45391cf9@forums-1-dub...
>> Hello All - just an update - I finaly did get a contact through
>> Professional Services - it seems there is indeed a secure gateway
>> solution on the shelf - in fact, Greg F. is probably the only one that
>> has ever used this custom secure gateway program (I'm told) and '...no
>> one else...' has ever asked for a DMZ-secure-gateway configuration - i.e.
>> there is no demand for a more secure system -
>>
>> - I'm told that SG appears to have been written for a linux box and that
>> it would take some time to dust it off and compile it, test it etc and
>> then there is the issue of making it work as an apache mod on a windows
>> system -
>>
>> - unfortunately, $$$$ is the issue - so this is not a solution for me -
>>
>> - my enterprise IS security group is pushing me to move my m-business
>> server into a vDMZ configuration - from there there are no plans to allow
>> access into the internal network - this essentially kills any use of
>> m-business to access content behind the internal firewalls -
>>
>> - any one have suggestions? -
>>
>> iNTERNET--> FIREWALL --> vDMZ & M-business server --> FIREWALL --->
>> internal resources
>>
>> thanks, chris o.
>>
>>
>> "Owen32" <owen@helix.mgh.harvard.edu> wrote in message
>> news:44e49d09$1@forums-1-dub...
>>> Hello - yes, Ali @ Sybase support just called back on a submitted case
>>> on this request with info on a solution(s) - basically:
>>>
>>> 1) - as you indicate, a reverse-proxy in front will work but only if
>>> the sync is not encrypted - in this case this defeats the purpose of
>>> trying to increase security with a 'secure gateway' like configuration -
>>>
>>> 2) - iAny Professional Services has a custom mod for apache that run as
>>> a reverse-proxy and supports encrypted sync for a DMZ deployment like
>>> the Pylon AnyWhere Secure Gateway - as you indicate, this solution is
>>> not routinely available as part of the M-Business product (???) -
>>>
>>> - hopefully, I'm now in the Q with Professional Services to get more
>>> detailed info and possible the parts needed to run a more secure
>>> gateway -
>>>
>>> chris o.
>>>
>>>
>>> "Peter Gibbons" <pgibbons@initech.com> wrote in message
>>> news:44e3dca3$1@forums-2-dub...
>>>> M-Biz can sit behind commercial proxy servers so long as you aren't
>>>> synchronizing securely. If you are synchronizing securely you will
>>>> need the
>>>> proxy server Greg mentioned.
>>>>
>>>> M-Biz does not have a "secure gateway" service/server like Pylon
>>>> Anywhere
>>>> that ships with the product.
>>>>
>>>> --
>>>> Peter
>>>>
>>>> "Yeah. The coversheet. I know, I know."
>>>>
>>>> "Greg Fenton" <greg.fenton_nospam_@googles-mail-site.com> wrote in
>>>> message
>>>> news:44db3adc$1@forums-2-dub...
>>>>> Dietrich wrote:
>>>>> >
>>>>> > check out if an Apache server in Reverse-Proxy mode could do the
>>>>> > job.
>>>>> >
>>>>>
>>>>> Not 100% positive on this, but I do not believe this will work. There
>>>>> is an m-Business reverse proxy server available, but from what I
>>>>> remember you need to work with iAnywhere to get it.
>>>>>
>>>>> g.f
>>>>> --
>>>>> Greg Fenton
>>>>> Some Random Dude
>>>>
>>>>
>>>
>>>
>>
>>
>
>


Peter Gibbons Posted on 2006-10-23 20:34:43.0Z
Reply-To: "Peter Gibbons" <pgibbons@initech.com>
From: "Peter Gibbons" <pgibbons@initech.com>
Newsgroups: ianywhere.public.mbusinessanywhere.general
References: <44d75b1b$1@forums-2-dub> <44d8dfe1$1@forums-2-dub> <44db3adc$1@forums-2-dub> <44e3dca3$1@forums-2-dub> <44e49d09$1@forums-1-dub> <45391cf9@forums-1-dub> <4539383c@forums-1-dub> <453c0402$1@forums-1-dub>
Subject: Re: Secure Gateway
Lines: 174
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Response
NNTP-Posting-Host: surfwc054.sybase.com
X-Original-NNTP-Posting-Host: surfwc054.sybase.com
Message-ID: <453d2763$1@forums-1-dub>
Date: 23 Oct 2006 13:34:43 -0700
X-Trace: forums-1-dub 1161635683 192.138.150.54 (23 Oct 2006 13:34:43 -0700)
X-Original-Trace: 23 Oct 2006 13:34:43 -0700, surfwc054.sybase.com
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:948
Article PK: 9156

I guess, if IT will not allow any connections from the DMZ to the Internal
network, I'm not sure how the custom reverse proxy server would help to
redirect sync requests from the DMZ to the MBA server on the internal
network. Isn't the architecture at some point going to need access to the
web services hosting your mobile application or the MBA server? (Perhaps
I'm reading too literally into your post.) Are there any specific security
concerns your IT department has with leaving the MBA server in the DMZ we
can help you address? Addressing these might be easier.

A generic Reverse Proxy server will not be supported in front of our MBA
server for secure synchronizations. From what I suggested though, you could
leave MBA in the DMZ to support secure synchronization and have it accessing
internal resources securely through a reverse proxy server to the internal
network.

Internet ->SSL/HTTPS -> MBA -> HTTPS/Reverse Proxy -> Internal Network

In a sense the MBA server itself will act as the reverse proxy supporting
secure synchronizations. The only support you wouldn't have here is
NTDomain or LDAP/AD integration (assuming IT restrictions) with your MBA
server, in which case this architecture wouldn't work.

I don't believe there is much demand for the Secure Reverse Proxy mod with
MBA, mostly because the MBA Server already functions to a high degree in
this capacity. Unfortunately I don't know of any other method for you to
implement the secure reverse proxy without engaging the Services team. You
might ask if it is possible to get a compiled version and try to implement
it yourself. It wouldn't hurt to ask if this is possible at least.

One alternate suggestion you may look at, if you are restricted from using
the above suggestion because the MBA server is integrated with NTDomain or
AD through LDAP, is to explore leaving the MBA server in the DMZ and using
the SOAP services for user/group creation and administration.

--
Peter

"Yeah. The coversheet. I know, I know."

"Owen32" <owen@helix.mgh.harvard.edu> wrote in message
news:453c0402$1@forums-1-dub...
>- technically, yes, they will not allow connections from the vDMZ into the
>internal net - that is the Enterprise security model - of course the
>Enterprise IS group makes exceptions for their systems but not departmental
>systems -
>
> - in any case, I'm told that with 'secure connections' required for M-Biz
> (which is what I've setup), that a generic reverse-proxy system will not
> work -
>
> - the system that Greg F. built (? while at Sybase) this does work, but
> Sybase does not offer it as a general solution for M-Biz systems -
>
> - a similar version of a secure gateway is packaged with iAnyWhere Pylon
> (http://www.ianywhere.com/developer/product_manuals/pylon_anywhere/70/en/pdf/securegatewaygdeen.pdf)
> which I'm in process of implementing for my Pylon users -
>
> - again, Sybase Professional Services says there is no demand for a
> 'secure gateway' model for m-Biz (???) -
>
>
> "Peter Gibbons" <pgibbons@initech.com> wrote in message
> news:4539383c@forums-1-dub...
>> Are they strictly forbidding any connections to the internal network? If
>> not, why not just put a reverse proxy behind the M-Business Server?
>>
>> Internet -> Outer Firewall -> DMZ (MBA) -> Reverse Proxy -> Inner
>> Firewall -> Internal Network
>>
>> You could then lock down the reverse proxy server to deny requests from
>> anyone but the MBA server.
>>
>> --
>> Peter
>>
>> "Yeah. The coversheet. I know, I know."
>>
>> "Owen32" <owen@helix.mgh.harvard.edu> wrote in message
>> news:45391cf9@forums-1-dub...
>>> Hello All - just an update - I finaly did get a contact through
>>> Professional Services - it seems there is indeed a secure gateway
>>> solution on the shelf - in fact, Greg F. is probably the only one that
>>> has ever used this custom secure gateway program (I'm told) and '...no
>>> one else...' has ever asked for a DMZ-secure-gateway configuration -
>>> i.e. there is no demand for a more secure system -
>>>
>>> - I'm told that SG appears to have been written for a linux box and that
>>> it would take some time to dust it off and compile it, test it etc and
>>> then there is the issue of making it work as an apache mod on a windows
>>> system -
>>>
>>> - unfortunately, $$$$ is the issue - so this is not a solution for me -
>>>
>>> - my enterprise IS security group is pushing me to move my m-business
>>> server into a vDMZ configuration - from there there are no plans to
>>> allow access into the internal network - this essentially kills any use
>>> of m-business to access content behind the internal firewalls -
>>>
>>> - any one have suggestions? -
>>>
>>> iNTERNET--> FIREWALL --> vDMZ & M-business server --> FIREWALL --->
>>> internal resources
>>>
>>> thanks, chris o.
>>>
>>>
>>> "Owen32" <owen@helix.mgh.harvard.edu> wrote in message
>>> news:44e49d09$1@forums-1-dub...
>>>> Hello - yes, Ali @ Sybase support just called back on a submitted case
>>>> on this request with info on a solution(s) - basically:
>>>>
>>>> 1) - as you indicate, a reverse-proxy in front will work but only if
>>>> the sync is not encrypted - in this case this defeats the purpose of
>>>> trying to increase security with a 'secure gateway' like
>>>> configuration -
>>>>
>>>> 2) - iAny Professional Services has a custom mod for apache that run as
>>>> a reverse-proxy and supports encrypted sync for a DMZ deployment like
>>>> the Pylon AnyWhere Secure Gateway - as you indicate, this solution is
>>>> not routinely available as part of the M-Business product (???) -
>>>>
>>>> - hopefully, I'm now in the Q with Professional Services to get more
>>>> detailed info and possible the parts needed to run a more secure
>>>> gateway -
>>>>
>>>> chris o.
>>>>
>>>>
>>>> "Peter Gibbons" <pgibbons@initech.com> wrote in message
>>>> news:44e3dca3$1@forums-2-dub...
>>>>> M-Biz can sit behind commercial proxy servers so long as you aren't
>>>>> synchronizing securely. If you are synchronizing securely you will
>>>>> need the
>>>>> proxy server Greg mentioned.
>>>>>
>>>>> M-Biz does not have a "secure gateway" service/server like Pylon
>>>>> Anywhere
>>>>> that ships with the product.
>>>>>
>>>>> --
>>>>> Peter
>>>>>
>>>>> "Yeah. The coversheet. I know, I know."
>>>>>
>>>>> "Greg Fenton" <greg.fenton_nospam_@googles-mail-site.com> wrote in
>>>>> message
>>>>> news:44db3adc$1@forums-2-dub...
>>>>>> Dietrich wrote:
>>>>>> >
>>>>>> > check out if an Apache server in Reverse-Proxy mode could do the
>>>>>> > job.
>>>>>> >
>>>>>>
>>>>>> Not 100% positive on this, but I do not believe this will work.
>>>>>> There
>>>>>> is an m-Business reverse proxy server available, but from what I
>>>>>> remember you need to work with iAnywhere to get it.
>>>>>>
>>>>>> g.f
>>>>>> --
>>>>>> Greg Fenton
>>>>>> Some Random Dude
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


Owen32 Posted on 2006-10-24 16:31:24.0Z
From: "Owen32" <owen@helix.mgh.harvard.edu>
Newsgroups: ianywhere.public.mbusinessanywhere.general
References: <44d75b1b$1@forums-2-dub> <44d8dfe1$1@forums-2-dub> <44db3adc$1@forums-2-dub> <44e3dca3$1@forums-2-dub> <44e49d09$1@forums-1-dub> <45391cf9@forums-1-dub> <4539383c@forums-1-dub> <453c0402$1@forums-1-dub> <453d2763$1@forums-1-dub>
Subject: Re: Secure Gateway
Lines: 71
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Response
NNTP-Posting-Host: owen32.mgh.harvard.edu
X-Original-NNTP-Posting-Host: owen32.mgh.harvard.edu
Message-ID: <453e3fdc@forums-1-dub>
Date: 24 Oct 2006 09:31:24 -0700
X-Trace: forums-1-dub 1161707484 132.183.173.227 (24 Oct 2006 09:31:24 -0700)
X-Original-Trace: 24 Oct 2006 09:31:24 -0700, owen32.mgh.harvard.edu
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:951
Article PK: 9160

hello - must be just wishful thinking - to be clear on how things are by
policy here:
1) enterprise IS requires any system with internet facing services to move
into a vDMZ
2) in their security model, there will be NO access from the vDMZ back into
the internal network; access from the internal network into the vDMZ is
allowed at the same level as the external firewall port exception list that
allows access from the internet (of course, there are limited exceptions to
this, but....)
3) AD/Domain/LDAP authentication from the vDMZ back to the internal network
is not allowed

- strictly following their security model, it will kill most systems that
need both internet, facing services as well as access to internal
information that users need -

- running a vpn client on the handheld is an option but adds more complexity
for the user -

- in terms of a flow diagram, this is what I've been looking for:

internet<-->external firewall<-->secure gateway (for m-biz)<--internal
firewall<--M-Biz Server<-->internal resources

- the same kind of secure gateway configuration as the iAnyWhere Pylon 7
diagram -

- yes, m-biz is not Pylon; does different things - Pylon does offer 'mobile
web sites" but just not for Palm devices -

chris o.

"Peter Gibbons" <pgibbons@initech.com> wrote in message
news:453d2763$1@forums-1-dub...
>I guess, if IT will not allow any connections from the DMZ to the Internal
>network, I'm not sure how the custom reverse proxy server would help to
>redirect sync requests from the DMZ to the MBA server on the internal
>network. Isn't the architecture at some point going to need access to the
>web services hosting your mobile application or the MBA server? (Perhaps
>I'm reading too literally into your post.) Are there any specific security
>concerns your IT department has with leaving the MBA server in the DMZ we
>can help you address? Addressing these might be easier.
>
> A generic Reverse Proxy server will not be supported in front of our MBA
> server for secure synchronizations. From what I suggested though, you
> could leave MBA in the DMZ to support secure synchronization and have it
> accessing internal resources securely through a reverse proxy server to
> the internal network.
>
> Internet ->SSL/HTTPS -> MBA -> HTTPS/Reverse Proxy -> Internal Network
>
> In a sense the MBA server itself will act as the reverse proxy supporting
> secure synchronizations. The only support you wouldn't have here is
> NTDomain or LDAP/AD integration (assuming IT restrictions) with your MBA
> server, in which case this architecture wouldn't work.
>
> I don't believe there is much demand for the Secure Reverse Proxy mod with
> MBA, mostly because the MBA Server already functions to a high degree in
> this capacity. Unfortunately I don't know of any other method for you to
> implement the secure reverse proxy without engaging the Services team.
> You might ask if it is possible to get a compiled version and try to
> implement it yourself. It wouldn't hurt to ask if this is possible at
> least.
>
> One alternate suggestion you may look at, if you are restricted from using
> the above suggestion because the MBA server is integrated with NTDomain or
> AD through LDAP, is to explore leaving the MBA server in the DMZ and using
> the SOAP services for user/group creation and administration.
>


Peter Gibbons Posted on 2006-10-24 18:59:16.0Z
Reply-To: "Peter Gibbons" <pgibbons@initech.com>
From: "Peter Gibbons" <pgibbons@initech.com>
Newsgroups: ianywhere.public.mbusinessanywhere.general
References: <44d75b1b$1@forums-2-dub> <44d8dfe1$1@forums-2-dub> <44db3adc$1@forums-2-dub> <44e3dca3$1@forums-2-dub> <44e49d09$1@forums-1-dub> <45391cf9@forums-1-dub> <4539383c@forums-1-dub> <453c0402$1@forums-1-dub> <453d2763$1@forums-1-dub> <453e3fdc@forums-1-dub>
Subject: Re: Secure Gateway
Lines: 94
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
NNTP-Posting-Host: c-24-5-174-250.hsd1.ca.comcast.net
X-Original-NNTP-Posting-Host: c-24-5-174-250.hsd1.ca.comcast.net
Message-ID: <453e6284$1@forums-1-dub>
Date: 24 Oct 2006 11:59:16 -0700
X-Trace: forums-1-dub 1161716356 24.5.174.250 (24 Oct 2006 11:59:16 -0700)
X-Original-Trace: 24 Oct 2006 11:59:16 -0700, c-24-5-174-250.hsd1.ca.comcast.net
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:952
Article PK: 9159

Sorry, it does sound like these restrictions are going to complicate things.
Even with the Reverse Proxy support, socket connections are not inititated
from the MBA server to the Reverse Proxy server. (Not as far as I know.)
So even that wouldn't take on the same needed architecture.

VPN client access sounds like it might be a possible option. I know Movian
is a good one.

The other might be to explore moving the Mobile application content out into
the DMZ as well and pushing the content through to the internal firewall.
If you have database driven content, SQLAnywhere MobiLink may help with data
synchronization to a staging db in the DMZ.

--
Peter

"Yeah. The coversheet. I know, I know."

"Owen32" <owen@helix.mgh.harvard.edu> wrote in message
news:453e3fdc@forums-1-dub...
> hello - must be just wishful thinking - to be clear on how things are by
> policy here:
> 1) enterprise IS requires any system with internet facing services to move
> into a vDMZ
> 2) in their security model, there will be NO access from the vDMZ back
> into the internal network; access from the internal network into the vDMZ
> is allowed at the same level as the external firewall port exception list
> that allows access from the internet (of course, there are limited
> exceptions to this, but....)
> 3) AD/Domain/LDAP authentication from the vDMZ back to the internal
> network is not allowed
>
> - strictly following their security model, it will kill most systems that
> need both internet, facing services as well as access to internal
> information that users need -
>
> - running a vpn client on the handheld is an option but adds more
> complexity for the user -
>
> - in terms of a flow diagram, this is what I've been looking for:
>
> internet<-->external firewall<-->secure gateway (for m-biz)<--internal
> firewall<--M-Biz Server<-->internal resources
>
> - the same kind of secure gateway configuration as the iAnyWhere Pylon 7
> diagram -
>
> - yes, m-biz is not Pylon; does different things - Pylon does offer
> 'mobile web sites" but just not for Palm devices -
>
> chris o.
>
> "Peter Gibbons" <pgibbons@initech.com> wrote in message
> news:453d2763$1@forums-1-dub...
>>I guess, if IT will not allow any connections from the DMZ to the Internal
>>network, I'm not sure how the custom reverse proxy server would help to
>>redirect sync requests from the DMZ to the MBA server on the internal
>>network. Isn't the architecture at some point going to need access to the
>>web services hosting your mobile application or the MBA server? (Perhaps
>>I'm reading too literally into your post.) Are there any specific
>>security concerns your IT department has with leaving the MBA server in
>>the DMZ we can help you address? Addressing these might be easier.
>>
>> A generic Reverse Proxy server will not be supported in front of our MBA
>> server for secure synchronizations. From what I suggested though, you
>> could leave MBA in the DMZ to support secure synchronization and have it
>> accessing internal resources securely through a reverse proxy server to
>> the internal network.
>>
>> Internet ->SSL/HTTPS -> MBA -> HTTPS/Reverse Proxy -> Internal Network
>>
>> In a sense the MBA server itself will act as the reverse proxy supporting
>> secure synchronizations. The only support you wouldn't have here is
>> NTDomain or LDAP/AD integration (assuming IT restrictions) with your MBA
>> server, in which case this architecture wouldn't work.
>>
>> I don't believe there is much demand for the Secure Reverse Proxy mod
>> with MBA, mostly because the MBA Server already functions to a high
>> degree in this capacity. Unfortunately I don't know of any other method
>> for you to implement the secure reverse proxy without engaging the
>> Services team. You might ask if it is possible to get a compiled version
>> and try to implement it yourself. It wouldn't hurt to ask if this is
>> possible at least.
>>
>> One alternate suggestion you may look at, if you are restricted from
>> using the above suggestion because the MBA server is integrated with
>> NTDomain or AD through LDAP, is to explore leaving the MBA server in the
>> DMZ and using the SOAP services for user/group creation and
>> administration.
>>
>
>


Ala Posted on 2006-09-13 17:56:45.0Z
Sender: 7efa.450843f5.1804289383@sybase.com
From: Ala
Newsgroups: ianywhere.public.mbusinessanywhere.general
Subject: ecommerce job
X-Mailer: WebNews to Mail Gateway v1.1t
Message-ID: <4508465d.7f0b.1681692777@sybase.com>
References: <44db3adc$1@forums-2-dub>
NNTP-Posting-Host: 10.22.241.41
X-Original-NNTP-Posting-Host: 10.22.241.41
Date: 13 Sep 2006 10:56:45 -0700
X-Trace: forums-1-dub 1158170205 10.22.241.41 (13 Sep 2006 10:56:45 -0700)
X-Original-Trace: 13 Sep 2006 10:56:45 -0700, 10.22.241.41
Lines: 21
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.mbusinessanywhere.general:928
Article PK: 17837

How can I use Sybase to develop a portal to do eshop,
ecommerce on the web. what is the best point to start such
thing.

> Dietrich wrote:
> >
> > check out if an Apache server in Reverse-Proxy mode
> > could do the job.
>
> Not 100% positive on this, but I do not believe this will
> work. There is an m-Business reverse proxy server
> available, but from what I remember you need to work with
> iAnywhere to get it.
>
> g.f
> --
> Greg Fenton
> Some Random Dude