Public URL for cognos?

[cognosbiuser]

HI Folks,

Could you please help me in configuring Public URL to Cognos.What my client expecting is he want to have a Public URL where he should be able to access Cognos from anywhere even he is not there in office network.

Could you please help me how can we do this?Any links or inputs please?

Thanks in advance.

Thanks and Regards
BI USER

[mcc.chernandez]

Do you mean simply allowing access to the portal from outside the network? You need an external DNS record to point to your firewall's external IP. For example, cognos.yourclient.com. Then you need to setup port forwarding from your firewall to the gateway server. Recommend you setup your Cognos gateway to use SSL so that login information is encrypted. Even better is to have the external users first connect via VPN then access the server from the inside. Allowing access from the outside, even with SSL enabled, is not good security practice

[cognosbiuser]

Hi  mcc.chernandez,

Thanks for the information.is there any document which describes these steps?

Folks any other inputs highly appreciated.

Thanks and Regards
BI USER

[sdf]

The info provided by mcc.chernandez is pretty much it.
But to add light to the steps please read bdbits' comment on below.




http://www.cognoise.com/index.php?topic=25426.0

In addition, a common setup would be, let their network team handle this or those involve with their DNS server management.
[From a consultant's point of view]. Are you even allowed to do activities with your client's network?


Cheers!

[mcc.chernandez]

Agree the network admin would be best to handle this. If you have to do it yourself here is some info to get you started. External DNS depends on who hosts your domain's DNS records. Typically it is the domain registrar (GoDaddy, Network Solutions, etc). You can run an nslookup query from Windows command-line to determine the domain's nameserver records:

nslookup -q=ns clientdomain.com

The output will show something like:
clientdomain.com      nameserver = ns1.netsol.com

In this example the nameserver points to netsol.com which is Network Solutions. You can then use their instructions to setup external DNS record: http://www.networksolutions.com/support/how-to-manage-advanced-dns-records/

You can determine your firewall's public IP by browsing to http://checkip.dyndns.org/ but this assumes you have at least one static IP address assigned by your ISP. If you have multiple IP addresses the firewall config may be different.

Note if you only have a dynamic IP address then forget the above info and just use a Dynamic DNS service (such as http://www.noip.com/free) to have a URL always point to whatever your dynamic IP address is.

Once either above is done then you need to forward the traffic from outside to the internal gateway. This site has information on how to do that for various different devices: http://portforward.com/english/routers/port_forwarding/

Recommended to use SSL (tcp port 443) for this so that login information is encrypted. This page has instructions for IIS: http://www.ibm.com/developerworks/data/library/cognos/infrastructure/web_servers/page599.html

[bdbits]

Since my name was invoked, I'll step into the fray.  :D

My instructions were for a guy who was doing this for learning from a home machine. Much still applies, but... if this is for a business, they very likely have network and security people who will want things set up in a particular way. And you will likely not have access needed to configure everything and have it work. So definitely talk to the IT people at your client.

For an organizational setting, I would strongly recommend doing this over a VPN link. If it must be exposed, please involve network/security people who know about hardening public-facing connections to avoid breaches into your client's network. The public internet is a wild and woolly place - not impossible to securely expose things to it but you better know what you are doing. It is best avoided when there are other ways to meet the needs.