2016-02-11 11:44 AM
To encrypt the network traffic, the following alternatives are available:
Use HTTPS to secure the communication. For this you will need a Reverse Proxy on the server side that will perform the SSL encryption between ARCHICAD and the Reverse Proxy
Use VPN, which will encrypt the communication

Seems odd that in 2016 this isn't built-in to the product, these days SSL encryption is the norm in almost all network services using the internet and BIMcloud is marketed as a product for the public internet. Will this be built-in in the future? As I understand, communication between BIMcloud servers is at least signed if not encrypted.
2018-01-05 08:11 AM
2018-01-08 12:19 PM
2018-01-08 12:54 PM
filipp wrote: I got a guide from Graphisoft a while back for setting up Apache proxy in front of BIMcloud. At that time at least, it required some modifications to make it work. It has been working quite well with AC19 and 20 and I haven't had to touch it much in recent times.
Totally agree that this should be built-in, not bolted-on. And Graphisoft hasn't even published instructions on how to build the proxy.
We recently "upgraded" to BIMcloud and even that doesn't have SSL support built-in (even though I remember some marketing material claiming otherwise).
I've made some progress setting up nginx as a reverse SSL proxy from our DMZ to provide external access to team projects, but it doesn't really work since the BIMcloud manager insists on reporting the internal server address to the client (we have 2 servers paired with BIMcloud) which suggests I publish *all* our internal teamwork server addresses with corresponding firewall rules etc.
BIMcloud/server is just a Node.js web service. Usually these are put behind HTTP load balancers that also take care of encryption. It's beyond me how Graphisoft didn't consider that most architecture offices are not that experienced with setting up web services.
2018-01-09 09:56 AM
2018-08-22 07:19 AM
2018-08-27 11:55 AM
2018-09-08 05:53 AM
2018-09-18 05:52 PM
pesos wrote: Site-to-site VPN is easier in my opinion if you are able to use it. No port forwarding or NAT needed if the subnets are different on the networks. Although small offices often have 192.168.0.0/24 network in use. If that's the case for both networks you would either need to change one network or set up NAT in the VPN tunnel. Depending on the firewalls NAT could be easy to set up, cumbersome or not possible at all. Often NATting in the IPsec tunnel is only possible with professional grade equipment.
Anyone have instructions to share? The link above appears to be dead...
2018-09-19 04:24 AM
pesos wrote: The link by filipp is working just fine for me.
Anyone have instructions to share? The link above appears to be dead...