We are currently running Jive 6 on-premise, with the servers behind our firewall. The problem with that architecture is we don't have a good way to enable our users to access the content remotely (when they are not connected to our network). I am curious -- for your on-premise installation, do you allow your users to access your site remotely? If so, how do you enable this / how did you address the security concerns of keeping your data confidential? Here are some possible solutions we are kicking around, along with the issue we face for each of these:
1. VPN -- this option sounds the most promising, but we restrict what devices we will allow to use VPN. So it would not be truly "anytime / anywhere" access. For instance, we will not allow our users to access VPN from their personal PCs; we don't have a mobile VPN solution.
2. Enable access via a Reverse Proxy server outside our firewall. We have a security policy which inhibits this. The policy is that we must stop all traffic first on our Reverse Proxy server, authenticate the user in our DMZ, then allow traffic to pass through the firewall only after the user is authenticated. This works for the regular web page access to Jive, but it does not work for the Jive Mobile 3 app, nor does it work for Jive For Office / Jive For Outlook. Has anybody encountered this? If so, how did you resolve it?
3. So, given our security policy, the only other option I can think of is to move my Jive web server into my DMZ. The big concern with this is how do we secure the binary attachments? We could not allow the content to be stored in the DMZ itself, so the options are either:
a) store the binary content in a database behind the firewall, or
b) store the binary content in a file system behind the firewall
Jive recommends against option a).
Has anyone tried option b), where the web server is in the DMZ and the file server is behind the firewall? If so, what type of storage solution are you using? Our security team says we cannot just hook it up to our existing storage solution, because the concern would be if the DMZ server were breached, that could "maybe" open up access to all of our confidential files, even ones that aren't stored in Jive. So we need some way to isolate the Jive content so that it is not connected to our other storage.