5 Replies Latest reply on Aug 10, 2009 10:00 AM by lamaslany

    Security Question

    lamaslany

      Title

      Security Question

      Post

      I have been asked to investigate the technical requirements for a client that is looking to buy a product created using FileMaker.  As I am predominantly from a Windows background I am worried that I do not have a solid grasp of the intricacies of Mac OSX and FileMaker.

       

      The vendor suggests that they need direct access to the FileMaker server across the Internet and want the following ports to be opened: 

      TCP/UDP 5003

      TCP/UDP 5006

      TCP/UDP 50003

      TCP/UDP 50006

       

      Is this common practice? 

       

      As I say I have only just started investigating FileMaker but this very much sounds like I would be publishing the MS-SQL port to the Internet and that concerns me deeply!

       

      Many thanks for any assistance you can offer,  

       

        • 1. Re: Security Question
            

          I agree that this setup would be like opening port 3306 to everyone on the internet. It would be much more advisable to use VPN and then a RDP-server the users can logon to. Not to mention the difference in performance ;) .

           

          Your customer already may have and use VPN and may allready have an ApplePC that runs Apple Remote Desktop Server, the question then is how easy is it for their users to setup their MacOSX-workstations to use VPN and Apple Remote Desktop.

           

          regards, Menno

          • 2. Re: Security Question
            lamaslany
              

            Thanks menno; I thought it sounded a bit dodgy!  :)

             

            They do not have much of an infrastructure at present and their technical knowledge is quite limited.  I confess that I am having some issues explaining the options to them in terms of remote working solutions - partly as they have little exposure to networks, remote access and multi-user applications, and partly as I have only limited Mac OSX experience.  I am investigating SSH and VPN tunnels at the moment.   I had not considered Apple Remote Desktop as they have more users than they have machines (five users; three machines).  Am I right in thinking that there is no Apple equivalent to a Windows Terminal Server and that each user would need a dedicated LAN-side workstation to connect to for a remote desktop? 

             

            Adding to my confusion over FileMaker was the demo of the software they gave me.  It runs from a share on a Mac rather than having a local client-side app connecting to a back-end database.  This didn't really fit with my notion of a client-server app and seemed more akin to multiple users trying to use a Microsoft Access database from an SMB file share.  Would you say that analogy is more appropriate for FileMaker apps?  It has meant that I am finding it hard to judge how FileMaker works as I cannot actually see it (in terms of configuration and preferences).

             

            One final thought I had was that as FileMaker runs on Windows could I install it on a Windows terminal server?

             

             

            Once again I do appreciate the assistance,

             

            • 3. Re: Security Question
                

              Yes you can install it on a windows TS where the (macosx)-users can log on to. You need a special FM-licence for that setup though (We use VLA/FBA licenses, which we buy directly from Filemaker), otherwise you can only startup one instance of filemaker on the machine. I also would recommend that your client starts using Filemaker Pro Server, which is much better and safer in many aspects

               

              regards, Menno

              • 4. Re: Security Question
                philmodjunk
                  

                Just a few additional comments:

                 

                The ports listed are standard ports that FMP server needs in order for it to function correctly. You'll find these listed in the documentation.

                 

                Filemaker is not a "thin client" type of application. You do need filemaker installed on each client machine and this is a little like using MS Access in a similar set up.

                 

                However, in my experience, filemaker (especially with the support of Filemaker server) handles the network issues much better than access. (Record locking issues, for example are handled much more cleanly on filemaker than MS Access.)

                • 5. Re: Security Question
                  lamaslany
                    

                  @menno:  Thanks again.  I think I will look into the terminal server solution in more depth.  The only potential issue I can imagine is if the FileMaker app integrates with any local applications to provide functionality.  I have fired off a quick email to the vendor to check... (I know that most Windows-based apps tend to make use of users' email profiles to send notifications, etc...)

                   

                  @PhilModJunk:  That is making a little more sense to me now.  And would explain why it took so long to open over a VPN link!  :)