01-20-2012 01:54 PM
Long time SalesLogix Admin (12 years)... first time posting!
We are a small SalesLogix 7.5.4 implementation (150 user), and half of them are Remote (PC based clients, remote dbs, synchronizing, etc.), but there has been discussion about moving some of them, or supplementing their access, with the Mobile version of SLX (for iPads, phones, etc.)
We are very concerned about the security (or lack thereof) provided by SalesLogix when it is exposed to the internet (Mobile server being in a DMZ and all.) We use RSA tokens for mobile users to access our internal network, and was wondering if that is something that the mobile devices/saleslogix implementation can support.
If not, then is there anything else anyone has done to beef up security with the Mobile version, or maybe everyone is just happy the way it is?
01-20-2012 02:09 PM - edited 01-20-2012 02:14 PM
Add SSL... That is the recommended approach.
In the end.. it's just a (RESTful web services) web "portal".
Remember, the Mobile Portal is ONLY for getting the "app" on the device, The SData portal is where ALL the data comes from (and goes to ;-)
01-23-2012 06:55 AM
Anyone have comments on the below? (copied and pasted from my boss.)
An SSL certificate provides encryption between the web site and the client browser, which will help to prevent someone’s credentials from being determined. It does not address in any way whether the native account and password scheme provided by SalesLogix is secure enough to keep someone from hacking in. That is the question and challenge. When SalesLogix is only used internally behind a firewall, it is not a concern. But we will be exposing the application and data externally on the web, so we need to be certain that the security implementation is sounds for that environment.
01-23-2012 07:18 AM
What about enabling Windows Authentication? ... You also can run up your "corporate VPN" (tunnel) and use that....
These are the things most people turn to these days.
01-23-2012 08:06 AM
I will ask our business partner how to implement the VPN 'tunnel' with our tokens for the mobile environment, if it is possible.
01-23-2012 02:31 PM
The question you need to ask and answer is:
A - What evice(s) are you using for mobility?
B - Do those devices support your VPN technology?
It's got nothing to do with Sage SalesLogix Mobility (SlxMobile portal and SData portal).