Hello together,
I need to know some more detailed network information for the mentioned function, since we have two providers and 3 different data centers - and inbetween firewalls.
The story:
We have a MS TMG Server as gateway (I don't know the version exactly) and MS Exchange 2010 - in two data centers.
In one of these we are also hosting two Afaria relay servers (which mustn't be used necessarily).
In another data center we are hosting Afaria servers and databases.
The Afaria testsystems are running SP4 HF11, Relayserver V16, the production systems SP4 HF7 Relayserver V12.
Since the Afaria Servers are in another data center the firewalls inbetween have to be configured very precisely and I can't find this information on the SAP and Sybase knowledgebases or in documentations.
So I need to know the exact ways of the communication: Source, Destination, Outbound or Inbound, Protocol and Port.
Also if HTTPS is the content and the Port is 3009 we might have to setup https-exceptions for the firewalls since a TMG server will block HTTPS-communication that uses other ports as 443 if not properly configured.
Btw.: The communication with the domain controller via LDAPS does work already, I'm only troubled with the ISAPI-Filter / Access Control netowrking information.
What I do know:
In the installation documentation I read so far that these components are involved:
ISAPI-Filter, that includes the filter that captures EAS traffic on the gateway and a reverse pipeserver.
Data Handler Services, that includes httpsclient and pipeserver, which will be installed on this gateway too.
Afaria filter listener on the Afaria application server.
What I think I do know:
ISAPI-Filter and Datahandler communicate with each other through the reverse pipeserver and the pipeserver component
The Datahandler talks to the Afaria filter listener (Afaria application server) via the httpsclient component.
It is planned to setup the above components on the same server, but the firewall might have to be configured anyways.
Afaria filter listener actually is the Access Control Server option on the Afaria application server.
What I don't know:
The Access Control Server is actually listening on Port 3010. Is the connection from the data handlers httpsclient outbound or inbound?
Is this the only connection that will be used for transferring the device list to the pipeserver or does the Afaria server initiate a connection as well?
The Access Control Server-option in the Afaria AdminUI is set to http, so there's also the question if the data handlers httpsclient will communicate with the Afaria filter listener in http or if it HAS to be https.
Do the data handler's httpsclient and (reverse) pipeserver component communicate via network?
I've seen pictures for a setup with domino where port 3012 is mentioned between these two components, now I'm kind of confused (since I don't expect the communication between these components to be very different depending on the Mailserver used).
The Afaria Server and database are communicating with each other, so there should be no problem. However, I've read in a Sybase KB entry that The Exchange Server does query the Afaria SQL database directly on port 1433, since it was for Afaria Version 5.5 I hope I can totally forget that. http://frontline.sybase.com/support/resolutionDetails.aspx?KBID=3908
Is there the necessity of using the relay servers in this process if they are actually in use for the mobile clients?
I have the slight feeling I forgot something anyway, so there might be a lot of more stuff I don't know and I'll be always happy to get to know more stuff.
Thanks for reading and best regards,
Benjamin