Configuring Security Groups When iProcess Workspace (Windows) Is Installed in Azure
To use iProcess® Workspace (Windows) instances in Azure to connect to TIBCO iProcess Engine, perform the following steps to appropriately configure security groups.
| 1. | Start an Azure Virtual Machine (AVM) in your Virtual Network (VNET). |
| 2. | Name the virtual machine avm-OracleServer and install Oracle Database Server on it. |
| 3. | Start a second AVM in your Virtual Network. |
| 4. | Name the virtual machine avm-iPE and install iProcess Engine on it. |
| 5. | Start a third AVM in your Virtual Network. |
| 6. | Name the virtual machine avm-iPWW and install iProcess Workspace (Windows) on it. |
| 7. | Create the following security groups for all three Azure Virtual Machines. |
| — | nsg-OracleServer for the avm-OracleServer instance. |
| — | nsg-iPE for the avm-iPE instance. |
| — | nsg-iPWW for the avm-iPWW instance. |
| 8. | Configure nsg-OracleServer, nsg-iPE, and nsg-iPWW: |
| a. | Specify a custom TCP rule that allows only machines on an external domain to access the Oracle Database Server (the default port is 1521). |
| b. | Specify a rule on avm-OracleServer for iProcess Engine to communicate with the database server. |
| c. | Specify a rule on avm-iPE for the database server to communicate with iProcess Engine. |
| d. | Specify a rule on avm-iPE for iProcess Workspace (Windows) to communicate with iProcess Engine. |
| e. | Specify a rule on avm-iPWW for iProcess Engine to communicate with iProcess Workspace (Windows). |
| f. | Specify a Remote Desktop (RDP) rule for access to avm-iPWW from an external domain. |
Inbound Security Rules
| Priority | Name | Source | Destination | Service | Action |
| 105 | iPE_Port | 192.0.2.0/32 | Any | Custom (Any/111) | Allow |
| 130 | Tibco | 192.0.2.0/32 | Any | Custom (Any/48000-48020) | Allow |
| 180 | SPO Port | 192.0.2.0/32 | Any | Custom (Any/45157) | Allow |
| 1000 | default-allow-ssh | 192.0.2.0/32 | Any | SSH (TCP/22) | Allow |
Note: 192.0.2.0/32 is used as an example IP address. Replace it with your own IP address.
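The following Python check is an added example, not part of the TIBCO documentation. It audits inbound rules in the shape of `az network nsg rule list -o json` output and flags any Allow rule that still uses the documentation placeholder source from the note above, an open source, or a source wider than one address. The sample rules are constructed from the table; the function name `audit_inbound` and the finding labels are assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `az network nsg rule list -o json` output,
# holding the four inbound rules from the table above (not a real export).
SAMPLE_RULES = json.loads("""[
  {"name": "iPE_Port", "priority": 105, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "192.0.2.0/32", "destinationPortRange": "111"},
  {"name": "Tibco", "priority": 130, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "192.0.2.0/32", "destinationPortRange": "48000-48020"},
  {"name": "SPO Port", "priority": 180, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "192.0.2.0/32", "destinationPortRange": "45157"},
  {"name": "default-allow-ssh", "priority": 1000, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "192.0.2.0/32", "destinationPortRange": "22"}
]""")

# RFC 5737 documentation ranges; 192.0.2.0/32 from the note falls in the first.
DOC_NETS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}  # sources that admit any host

def audit_inbound(rules, max_addresses=1):
    """Return (rule name, finding) pairs for inbound Allow rules, by priority."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        src = rule.get("sourceAddressPrefix") or ""
        if src.lower() in OPEN_SOURCES:
            findings.append((rule["name"], "open-source"))
            continue
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            # Service tags such as VirtualNetwork are not CIDR; review by hand.
            findings.append((rule["name"], "unparsed-source"))
            continue
        if net.version == 4 and any(net.subnet_of(d) for d in DOC_NETS):
            findings.append((rule["name"], "placeholder-source"))
        elif net.num_addresses > max_addresses:
            findings.append((rule["name"], "broad-source"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_inbound(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Run against the table as published, every rule is reported as `placeholder-source`, which is the state the note asks you to correct before relying on the rules.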
After configuring these security groups, your setup looks something like the following illustration.