  • I happen to be one of those geeky Cisco guys - we're not that bad, I promise. RPC is a network protocol that by design uses multiple, dynamic ports. This clashes with any network admin's goal of minimising the number of ports open externally to the internet, and resistance to this is understandable. That there exists no option to replicate Global across a single encrypted port just shows that Aveva understands engineering far better than they understand networks. Fair enough, I guess, but using RPC across an untrusted WAN in 2015 is indefensible.

    Anyhow, it is what we must do, lest we wish to make our own solution in WCF. Step 1: lock down RPC so that it uses a slightly more sensible range of ports. Make a .reg file like this and import it on your server (it locks down the port range of RPC to use only 100 different ports; reboot required):
    Windows Registry Editor Version 5.00


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet]
    "Ports"=hex(7):35,00,30,00,30,00,30,00,2d,00,35,00,31,00,30,00,30,00,00,00,00,\
     00
    "PortsInternetAvailable"="Y"
    "UseInternetPorts"="Y"


    Step 2: make a request to your kind, approachable network guy to permit this traffic to flow in both directions, only between your office and your Global partner's office: 'RPC traffic on TCP ports 5000-5100, locked down to two public IPs (ours and our partner's), and NATted to our internal PDMS server with an IP of X'.

    Then you can follow the Aveva docs for enabling Global on your project. When done, go to Query and check the Comms to test.
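A check worth running before importing a .reg file like the one above is to decode what the hex(7) (REG_MULTI_SZ) "Ports" value actually encodes, so the port range you hand to the firewall team matches the range the server will really use. The following is an added example (not code from the post or from Aveva): it parses a Regedit 5.00 export, joins the backslash-continued byte list, decodes the UTF-16LE multi-string, reports the port ranges and their size, and can produce the same hex(7) encoding from a list of ranges. The embedded .reg text is a constructed copy of the fragment above; the function names are this example's own.

```python
import re

# Constructed sample: the RPC\Internet fragment from the post (restricts RPC to 5000-5100).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet]
"Ports"=hex(7):35,00,30,00,30,00,30,00,2d,00,35,00,31,00,30,00,30,00,00,00,00,\
  00
"PortsInternetAvailable"="Y"
"UseInternetPorts"="Y"
"""

RPC_INTERNET_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet"


def parse_reg(text):
    """Return {key_path: {value_name: value}} for a Regedit 5.00 export.

    Only quoted string values and hex(7) (REG_MULTI_SZ) values are decoded,
    which is all this .reg fragment uses. A trailing backslash means the byte
    list continues on the next line, so those lines are joined first.
    """
    text = re.sub(r",\\\r?\n\s*", ",", text)
    result, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m or current is None:
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith("hex(7):"):
            data = bytes(int(b, 16) for b in raw[len("hex(7):"):].split(",") if b)
            # REG_MULTI_SZ: UTF-16LE, each string NUL-terminated, list ends with an empty string.
            strings = data.decode("utf-16-le").split("\x00")
            result[current][name] = [s for s in strings if s]
        elif raw.startswith('"') and raw.endswith('"'):
            result[current][name] = raw[1:-1]
    return result


def rpc_port_ranges(reg):
    """Return [(low, high), ...] from the Rpc\\Internet "Ports" multi-string.

    Each entry is either "low-high" or a single port number.
    """
    ranges = []
    for entry in reg.get(RPC_INTERNET_KEY, {}).get("Ports", []):
        low, _, high = entry.partition("-")
        low = int(low)
        high = int(high) if high else low
        ranges.append((low, high))
    return ranges


def port_count(ranges):
    """Number of distinct ports covered by inclusive (low, high) ranges."""
    return sum(high - low + 1 for low, high in ranges)


def encode_multi_sz(strings):
    """Encode a list of strings as the hex(7) form Regedit writes in .reg files."""
    data = "".join(s + "\x00" for s in strings).encode("utf-16-le") + b"\x00\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    ranges = rpc_port_ranges(reg)
    print("RPC port ranges:", ranges, "->", port_count(ranges), "ports")
    print("Internet ports enabled:", reg[RPC_INTERNET_KEY].get("UseInternetPorts"))
    print("Re-encoded:", encode_multi_sz(reg[RPC_INTERNET_KEY]["Ports"]))
```

Run against the fragment above it reports the single inclusive range 5000-5100 (101 ports), confirms both "Y" flags, and re-encodes the range to the same 22-byte hex(7) value the post shows, so a .reg file edited by hand for a different range can be checked the same way before it is imported.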