Running Perception behind a firewall

Applies to the following products: 
Questionmark Perception
Applies to the following Perception versions: 
Perception 5.2
Perception 5.1

If Perception will be run from behind a firewall and be expected to be accessed from outside the firewall via the Internet you will need to ensure you follow the steps described in the following sections:

Accessing the Shared Repository Service

The authoring server runs as a service via TCP/IP. You can control it by modifying the configuration file. You can, for example, change the port setting or use HTTP instead of TCP. This file is named RepositoryService.exe.config. If you installed Perception Server in the default location, the file will be located in the following directory:

  • C:\Program Files\Questionmark\Perception5\Shared Repository Service\bin

You can also edit this file by using Shared Repository Manager. Refer to the Shared Repository Manager Help for instructions on how to do this.

If Perception Server will be run behind a firewall, you need to modify RepositoryService.exe.config as follows.

    1. Locate the following line in the file:

      <channel ref="tcp">
    2. Change the line so that it reads the following:
      <channel ref="tcp" port="7800" machineName="machine.yourdomain.com">

Where machine.yourdomain.com is the full name of your server (please note this is case-sensitive)

 

This setting will configure the shared repository service so that it returns an endpoint URL starting with tcp://<repository-service-server>:7800. This URL can then be used by external clients such as Authoring Manager to call the server.

  1. Save your changes.

  2. Open Shared Repository Manager and click Restart the Shared Repository Service.

Configuring the entry point URLs for QMWISe

If using or creating a third party application that accesses Perception through the QMWISe web services certain entry points are used by the application to access Enterprise Manager, assessments, assessment lists and reports. If the Perception Server is setup behind a firewall and the third party application accessing Perception is not, the entry point URLs will need to be updated to point to the external address of the firewall and the firewall will need to have an allow rule created resolves to port 80 on the Perception Server.

Once the allow policy has been enabled the various URLs used to access Perception will need to be updated to the external address of the firewall so that communication is not blocked. The URLs that need to be amended in the Server Settings are:

Setting Description
QMWISe Server Specifies the server address for QMWISe if it is hosted on a separate server than the Perception Server This should be the server name as viewed by a client browser running on a separate PC outside of the firewall
Perception Server Specifies the server address for the Perception Server
QABS Server Specifies the server address of QABS if it is hosted on a separate server from the Perception Server
QPLA Server Specifies the server address of QPLA if it is hosted on a separate server from the Perception Server
Repository server Specifies the server address of the repository if it is hosted on a separate server from the Perception Server
Perception URL Defines the URL of the Perception PHP used by QPLA. This setting is usually only necessary when an advanced installation of Perception is used
System folder Specifies the folder location of where all the System files are stored on the Perception Server for QPLA (This is only necessary if you have manually installed Perception in a multi-tiered environment.

The server settings for the above settings may be the same if installed on a single server or they may be the settings for several servers if you installed perception in a multi-tiered environment

To change the entry point URLs in Enterprise Manager:

    1. Click Server Management on the Administration menu

    2. Click Server Settings

    3. Scroll down to the Global Settings section and locate the settings mentioned in the table above

    4. Update each of the entry point URLs to point to the external address of your Perception Server

For example - http://ext.firewall.address.xyzcompany.com/

  1. Click Save & Exit to update the settings

Configuring Questionmark To Go to work behind a firewall

When using Questionmark To Go to return results back to a server behind a firewall ensure that you have created an allow rule on your firewall host pointing to port 80 on the Perception Server.

Once the allow policy has been enabled the Perception Server needs the QMWISe Server and the Perception URL settings in the Server Settings to be updated to allow the .qm2go files to resolve back to the firewall instead of the internal address for the Perception Server.

To change the setting in Enterprise Manager:

    1. Click Server Management on the Administration menu
    2. Click Server Setting
    3. Scroll down to the QMWISE Server setting

http://ext.firewall.address.xyzcompany.com/QMWISe5/QMWISe.asmx

    1. Update the QMWISe Server with the external address of your Perception Server or the QMWISe Server if you are running the service on a separate server
    2. Locate and modify the Perception URL field to point to the external address of your Perception Server

http://ext.firewall.address.xyzcompany.com/

  1. Click Save & Exit

The settings have now been changed and made available to the Server.