hi everyone...when i have gone through the few old threads it really helped to understand what to be done and wat not......i have a query and request the global setup masters to respond...
hub will b my end and we dont hve problem in opening the firewall ports but the company at satellite end are not ready to open the ports....
i have read in some aveva supported document that admin.exe can be added in the expection program....does it mean we are bypassing the firewall.... if we add the admin.exe to exception will the communcation,the updates at the hub and satellite will takes place or not?
one of the idea is like taking a new machine make it as virtual server (at satellite) and when ever tht machine is connected with hub the other link to their comany server will be off and when the link frm hub is disconnected the link between the virtual server and the company server of satellite will be active....frankly speaking its not the proper way of global working environment or setup...
so i need some suggestions at this stage how to proceed.....
the easiest way is to take the satellite machine out of your corporate firewall environment and put it in a "neutral zone" with two MAC card. One for external internet access, and the other for your internal access.
Opening up ports works too if you know how to talk to your cisco router certified network admin (whatever their titles are). But you have to talk to them in their geeky language and you will be lucky to even know their names.
There is a very good write up from Aveva on this issue in documentation as well as on their support site.
thx kimi for ur reply..... can u plz give me the link of aveva support site where the issue is documented. can i read tht article with out pivotal login......
I happen to be one of those geeky Cisco guys - we're not that bad I promise. RPC is a network protocol that by design uses multiple, dynamic ports. This clashes with any network admin's goal of minimising the amount of ports open externally to the internet, and resistance to this is understandable. That there exists no option to replicate global across a single encrypted port just shows that Aveva understands engineering far better than they understand networks. Fair enough I guess, but using RPC across an untrusted WAN in 2015 is indefensible.
Anyhow, it is what we must do, lest we wish to make our own solution in WCF. Step 1: lock down RPC so that it uses a slightly more sensible range of ports. Make a .reg file like this and import on your server (it locks down the port range of RPC to use only 100 different ports. Reboot required.):
Step 2: make a request to your kind, approachable network guy to permit this traffic to flow in both directions, only between your office and your Global partners office. 'RPC traffic on TCP port 5000-5100, locked down to two public IPs (ours and our partners), and NATted to our internal PDMS server with an IP of X'
Then you can follow the aveva docs for enabling Global on your project. When Done go to Query, and check the Comms to test.
