Configuring Security Groups When iProcess Workspace (Windows) Is Installed in AWS

To connect to TIBCO iProcess Engine and configure security groups, perform the following steps:

1. Start an Elastic Compute Cloud (EC2) instance in your Virtual Private Cloud (VPC).
2. Name the created instance ec2-OracleServer and install the Oracle Database Server on this instance.
3. Start a second EC2 instance in your VPC.
4. Name the created instance ec2-iPE and install iProcess Engine on this instance.
5. Start a third EC2 instance in your VPC.
6. Name the created instance ec2-iPWW and install iProcess Workspace (Windows) on this instance.
7. Create the following security groups for all three EC2 instances:
   - sg-OracleServer for the ec2-OracleServer instance.
   - sg-iPE for the ec2-iPE instance.
   - sg-iPWW for the ec2-iPWW instance.
8. Configure sg-OracleServer:
   a. Specify a custom TCP rule so that only the machines on an external domain can access the Oracle Database Server. (The default port is 1521.)
   b. Specify a rule on ec2-OracleServer for iProcess Engine to communicate with the database server.

| Type | Protocol | Port Range | Source | Description |
|---|---|---|---|---|
| Custom TCP Rule | TCP | 22 | Custom 192.0.2.0/32 | SSH to access the VM |
| All TCP | TCP | 0-65535 | Custom sg-iPE | To allow traffic from members of sg-iPE |
| Oracle Database Server | TCP | 1521 | Custom 192.0.2.0/32 | To access the Oracle database from an external machine |

Note: 192.0.2.0/32 is used as an example IP address. Replace this with your IP address.
9. Configure sg-iPE:
   a. Specify a rule on ec2-iPE for the database server to communicate with iProcess Engine.
   b. Specify a rule on ec2-iPE for iProcess Workspace (Windows) to communicate with iProcess Engine.

| Type | Protocol | Port | Source | Description |
|---|---|---|---|---|
| Custom TCP Rule | TCP | 22 | Custom 192.0.2.0/32 | SSH |
| All TCP | TCP | 0-65535 | Custom sg-OracleServer | To allow traffic from members of sg-OracleServer |
| All TCP | TCP | 0-65535 | Custom sg-iPWW | To allow traffic from members of sg-iPWW |

Note: 192.0.2.0/32 is used as an example IP address. Replace this with your own IP address.
10. Configure sg-iPWW:
   a. Specify a rule on ec2-iPWW for iProcess Engine to communicate with iProcess Workspace (Windows).
   b. Specify a Remote Desktop (RDP) rule for access to ec2-iPWW from an external domain.

| Type | Protocol | Port Range | Source | Description |
|---|---|---|---|---|
| RDP | TCP | 3389 | Custom 192.0.2.0/32 | Remote Desktop Connection |

Note: 192.0.2.0/32 is used as an example IP address. Replace this with your own IP address.
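
An added example, not part of the original TIBCO page: a Python pre-flight check that builds the ingress rules from the three tables above in the IpPermissions shape used by the EC2 API, and refuses to proceed while the admin source is still the 192.0.2.0/32 placeholder or is too wide. The group IDs, the 10.20.30.40/32 address and the /24 width limit are assumptions constructed for illustration.

```python
import ipaddress

# RFC 5737 documentation ranges; the page's 192.0.2.0/32 placeholder is in the first.
DOC_NETS = [ipaddress.IPv4Network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

def check_admin_cidr(cidr, min_prefix=24):
    """Return the CIDR if usable as an admin source; raise ValueError otherwise."""
    net = ipaddress.IPv4Network(cidr)  # strict: rejects host bits and non-IPv4 input
    if any(net.subnet_of(d) for d in DOC_NETS):
        raise ValueError(f"{cidr} is a documentation placeholder, not your address")
    if net.prefixlen < min_prefix:  # also catches 0.0.0.0/0
        raise ValueError(f"{cidr} is wider than /{min_prefix}")
    return str(net)

def cidr_rule(port, cidr, desc):
    # Single-port TCP rule restricted to one source CIDR
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr, "Description": desc}]}

def group_rule(group_id, name):
    # "All TCP" (0-65535) from members of another security group, as in the tables
    return {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
            "UserIdGroupPairs": [{"GroupId": group_id,
                                  "Description": f"To allow traffic from members of {name}"}]}

def build_ingress(admin_cidr, ids):
    """ids maps the page's group names to real group IDs (assumed input)."""
    cidr = check_admin_cidr(admin_cidr)
    return {
        "sg-OracleServer": [
            cidr_rule(22, cidr, "SSH to access the VM"),
            group_rule(ids["sg-iPE"], "sg-iPE"),
            cidr_rule(1521, cidr, "To access the Oracle database from an external machine"),
        ],
        "sg-iPE": [
            cidr_rule(22, cidr, "SSH"),
            group_rule(ids["sg-OracleServer"], "sg-OracleServer"),
            group_rule(ids["sg-iPWW"], "sg-iPWW"),
        ],
        "sg-iPWW": [cidr_rule(3389, cidr, "Remote Desktop Connection")],
    }

if __name__ == "__main__":
    # Constructed sample values: placeholder group IDs and a private admin address.
    ids = {"sg-OracleServer": "sg-0000000000000000a", "sg-iPE": "sg-0000000000000000b",
           "sg-iPWW": "sg-0000000000000000c"}
    for name, rules in build_ingress("10.20.30.40/32", ids).items():
        print(name, [(r["FromPort"], r["ToPort"]) for r in rules])
```

Each returned list can be passed as the IpPermissions argument of boto3's authorize_security_group_ingress call for the matching group.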

After configuring these security groups, your setup looks something like the following illustration.