cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2999
Views
6
Helpful
8
Replies

SocialMiner Server Placement and Firewall Considerations

Bryan Geoghan
Level 1
Level 1

Hi,

I am getting ready to deploy a SocialMiner 9.x integration with UCCX for only the Customer Web Chat functionality. The client already has UCCX and their web server is externally hosted outside of their network.

I am finding what seems to be conflicting information on the following items:

  • Where to place the SocialMiner server?
  • Do you have to use a Proxy server?
  • If it can go in the DMZ or Inside network of the firewall, can you create a static NAT for it and open the necessary ports to it for the Customer Web Chat functionality to work?
  • What ports need to be open on the firewall and in what direction depending on where the SocialMiner server is placed?

Ideally, I would like to place the SocialMiner server on the DMZ network, publish a public FQDN that resolves to a public IP that NATs to the DMZ (private) IP of the SocialMiner server, but with the firewall only allowing the required ports to the SocialMiner server. I would prefer to do this without the use of a Proxy server, but as long as this is a supported and clean solution.

Thoughts or advice?

8 Replies 8

Andrew Grech
Level 1
Level 1

Hi Bryan,

I'm getting ready to deploy, just wondering how you got on?

Thanks

I had the client implement a DMZ and have part of the public IP block be assigned to the it. We then placed the SocialMiner server in the DMZ and only opened the necessary ports from the OUTSIDE to DMZ and from the DMZ to the INSIDE. PDI said that doing NAT to the SocialMiner server is not currently supported. Also, we are doing this without setting up the optional proxy server.

Thanks for the reply Bryan,

I thought that might be the case I opened up a support case today to confirm. Its hard to understand why NAT is not supported. We currently don't have a proxy server so guess I'll be following the same implimentation plan.

Yeah, I don't understand why NAT isn't supported. We did limited testing with NAT to the SocialMiner server in our lab environment and it seemed to work fine. We didn't test it end to end, but didn't see any issues with the basic functionality from a UCCX web chat perspective. But we definitely wanted to implement a supported deployment in the client environment. 

Hi Bryan,

We are getting ready to deploy Social Miner for Webchat in our network, just wondering how you got on with setting up NAT and port permission for social miner to the internet?

Regards

FilipOlsen
Level 1
Level 1

Hi Bryan

So how did this end ?

 

And what about the fact that public got access to the login page by opening https ?

 

Filip

I Filip,

My setup is like this External IP > Load Balancer > Nat to internal IP > Internet IP > Routes internal connections to local firewall and external connections back to load balancer

to get this working I had to open a TAC case for root access and then I configured host based routes

Thanks for sharing , Andrew

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: