General Network Requirements
Information presented in this chapter is dedicated primarily to the personnel responsible for your corporate network configuration and security.
MMTE Server must be installed on a server inaccessible directly from Internet by any TCP/IP port. If your network configuration includes separate segments for demilitarized zone (DMZ) and internal local network (LAN), install MMTE Server in your LAN.
Make MMTE Server be available from within your LAN and VPN only, via certain TCP/IP ports exclusively. Ideally, from the white list of IP addresses of MMTE Client hosts only.
Close all inbound and outbound connections to/from hosts where MMTE software components are installed, except for the rules described below.
All communication between MMTE components is running on top of the WebSocket protocol, optionally encrypted with SSL. If MMTE Server is installed behind a load balancing, firewall, and/or proxy server, it must be able to:
- Pass through SSL-encrypted traffic
- Support WebSocket protocol
- Transmit all traffic for TCP/IP ports mentioned below.
Consult How MMTE Fits within Your Organization for a general overview of how MMTE components are spread in your networks.
MMTE is tolerant to not-static IP addresses assigned to its hosts, DHCP, NAT, and other network address assignment features.