Configuring Security Groups When iProcess Workspace (Windows) Is Installed on an External Machine

To connect to iProcess Engine from an external machine that has iProcess Workspace (Windows) installed, perform the following steps to appropriately configure security groups.

1.

Start an AVM in your Virtual Network.

2.

Name the created virtual machine as avm-OracleServer. Install the Oracle Database Server on this virtual machine.

3.

Start a second AVM in your Virtual Network.

4.

Name the created virtual machine as avm-iPE. Install iProcess Engine on this virtual machine.

5.

Install iProcess Workspace (Windows) on the client machine (on an external domain). For more information, see TIBCO iProcess Workspace (Windows) Installation.

6.

Now, create security groups for the two Azure Virtual Machines:

—

Create nsg-OracleServer for the avm-OracleServer instance.

—

Create nsg-iPE for the avm-iPE instance.

7.

Configure nsg-OracleServer

a.

Specify a custom TCP rule that allows only machines on an external domain to access the Oracle Database Server (The default port is 1521.)

b.

Specify a rule on avm-OracleServer for iProcess Engine to communicate with the database server.

c.

Specify a rule on avm-iPE for the database server to communicate with the iProcess Engine.

d.

Specify a custom TCP rule (for example: 46000-46020) to restrict the number of inbound connections to avm-iPE.

e.

Specify a custom TCP rule that allows only client machines on an external domain to access iProcess Engine on the RPC port (The default is 111.)

Inbound Security Rules

Priority	Name	Source	Destination	Service	Action
110	Oracle	Any	Any	Custom (Any/1521)	Allow
1000	default-allow-ssh	Any	Any	SSH (TCP/22)	Allow

Outbound Security Rules

Priority	Name	Source	Destination	Service	Action
100	AllTcpOut	Any	Any	Custom (Any/Any)	Allow

After configuring these security groups, your setup looks something like the following illustration.