Welcome to Telelogic Product Support
  Home Downloads Knowledgebase Case Tracking Licensing Help Telelogic Passport
Telelogic DOORS (steve huntington)
Decrease font size
Increase font size
Topic Title: DOORS vs VPNs
Topic Summary:
Created On: 11-Aug-2004 20:02
Status: Post and Reply
Linear : Threading : Single : Branch
Search Topic Search Topic
Topic Tools Topic Tools
Quick Reply Quick Reply
Subscribe to this topic Subscribe to this topic
E-mail this topic to someone. E-mail this topic
Bookmark this topic Bookmark this topic
View similar topics View similar topics
View topic in raw text format. Print this topic.
Answer This question was answered by Ross Morgan, on Wednesday, August 18, 2004 2:41 PM

Answer:
there's no reason why a DOORS session shouldn't work over a VPN connection if it is configured correctly.
Trouble is, there are many ways to configure a VPN.

openVPN, for example, allows you to create a tunnel to another network and for your machine to act as a bridge between the two. i.e has two IP addresses and can route to addresses on both networks.

However most commercial VPN's involve using a DMZ in the middle for security. There may be a VPN tunnel from your network to the VPN DMZ, allowing traffic to be routed from your network to the target network. Alternatively, you may have a client VPN connection for your PC to the VPN DMZ so routing to your home network is blocked while you are connected. In this case your PC gets an IP address on the VPN DMZ subnet.
e.g
home network is 192.168.99.0/24
target network is 192.168.20.0/24
VPN DMZ network is 192.168.21.0/24
Between the VPN DMZ network and the target network there may be a firewall which could block DOORS traffic.
The VPN DMZ network may not host DNS services, so then your PC won't be able to resolve names to addresses on the 192.168.20.0/24 network. Putting an entry in %system32%/drivers/etc/hosts will sort this out, so long as the machine has a static IP address.
The VPN DMZ may only allow traffic to be routed to certain addresses on the 192.168.20.0/24 network. Try pinging the target machine (this will work provided the machine & firewall allow ping responses).
If the VPN uses IPSEC for security and a router/switch in between you and the target network doesn't understand IPSEC protocol, then that will cause block traffic.

Communications with the license server take minimal bandwitch and are resilient to high latency, so if routing & naming are OK, then DOORS should at least be able to get a license.
 11-Aug-2004 20:02
User is offline View Users Profile Print this message


David Rose

Posts: 80
Joined: 10-Oct-2003

Does anyone know about any problems or special concerns with running DOORS over a VPN?

-------------------------
David A. Rose TSgt USAF
NCOIC System Administration
Report this to a Moderator Report this to a Moderator
 12-Aug-2004 19:42
User is offline View Users Profile Print this message


Ewen Miller

Posts: 99
Joined: 20-Nov-2002

Don't think DOORS 7.x is officially suppported on VPN.

One of our Engineers tried it and DOORSnet 7.1 and it didn't work. Mind you he was over 3000 miles away, and was reliant on public telephone lines, so the data rate was quite low. I expect if you had a Citrix set-up it might work.


Ewen Miller

QinetiQ Ltd
Report this to a Moderator Report this to a Moderator
 12-Aug-2004 19:51
User is offline View Users Profile Print this message


David Rose

Posts: 80
Joined: 10-Oct-2003

I doubt that it is also, but I figure if we give it a try, and fail, then we know something more. I'll keep everyone posted on our progress. By the way, DOORS uses 3 ports. 19353 for the licenses, the data port you set, and port 1004 for license return communications

-------------------------
David A. Rose TSgt USAF
NCOIC System Administration
Report this to a Moderator Report this to a Moderator
 12-Aug-2004 19:54
User is offline View Users Profile Print this message


Ronald Houde

Posts: 1
Joined: 16-Jun-2003

We at CAE Inc. run DOORS over our VPN. The issues we faced are port accessibility and response time. You must make that the ports required by the Licence server, if you use Flex licences, and the DOORS database server have been opened on the VPN.

I have been able to run a DOORS client from a hotel room in Las Vegas at the 2003 UGC and access our DOORS database server located in Montreal. The room had a DSL modem and the response, although jittery at times, was acceptable. If response time becomes an issue, you will have to set-up Citrix. We have Citrix set-up to allow remote access to the database from other sites and it works well. We have also used the MS-Windows Terminal Services with good results.

Best,
Ron Houde
Group Leader, Requirements Engineering
Systems Engineering, CAE Inc. Military Simulation & Training
Report this to a Moderator Report this to a Moderator
 13-Aug-2004 09:25
User is offline View Users Profile Print this message


Judith Underwood

Posts: 35
Joined: 25-Sep-2002

I regularly run DOORS over a VPN. I have ADSL -- response time is good enough for the kinds of things I do that it is usable if a bit slow.

DOORS copes better with loss of VPN connection than some other applications I could mention. If the VPN drops while I'm editing a module, then as long as I don't do anything which requires communication with the DOORS db server (like try to save the module or
navigate in the explorer) then I can often continue with the DOORS session just by reconnecting to the VPN.

I'm not involved with setting up or maintaining our VPN so I don't know what configuration was required. DNS doesn't work in our setup so I have an explicit mapping of the DOORS db server machine name to IP address in a configuration file somewhere on my machine, but I had to do that for all the machines I want to talk to.

Judith Underwood
Report this to a Moderator Report this to a Moderator
 17-Aug-2004 12:29
User is offline View Users Profile Print this message


Ross Morgan

Posts: 74
Joined: 15-Apr-2004

Answer Answer
there's no reason why a DOORS session shouldn't work over a VPN connection if it is configured correctly.
Trouble is, there are many ways to configure a VPN.

openVPN, for example, allows you to create a tunnel to another network and for your machine to act as a bridge between the two. i.e has two IP addresses and can route to addresses on both networks.

However most commercial VPN's involve using a DMZ in the middle for security. There may be a VPN tunnel from your network to the VPN DMZ, allowing traffic to be routed from your network to the target network. Alternatively, you may have a client VPN connection for your PC to the VPN DMZ so routing to your home network is blocked while you are connected. In this case your PC gets an IP address on the VPN DMZ subnet.
e.g
home network is 192.168.99.0/24
target network is 192.168.20.0/24
VPN DMZ network is 192.168.21.0/24
Between the VPN DMZ network and the target network there may be a firewall which could block DOORS traffic.
The VPN DMZ network may not host DNS services, so then your PC won't be able to resolve names to addresses on the 192.168.20.0/24 network. Putting an entry in %system32%/drivers/etc/hosts will sort this out, so long as the machine has a static IP address.
The VPN DMZ may only allow traffic to be routed to certain addresses on the 192.168.20.0/24 network. Try pinging the target machine (this will work provided the machine & firewall allow ping responses).
If the VPN uses IPSEC for security and a router/switch in between you and the target network doesn't understand IPSEC protocol, then that will cause block traffic.

Communications with the license server take minimal bandwitch and are resilient to high latency, so if routing & naming are OK, then DOORS should at least be able to get a license.
Report this to a Moderator Report this to a Moderator
Statistics
20925 users are registered to the Telelogic DOORS forum.
There are currently 1 users logged in.
The most users ever online was 15 on 15-Jan-2009 at 16:36.
There are currently 0 guests browsing this forum, which makes a total of 1 users using this forum.
You have posted 0 messages to this forum. 0 overall.

FuseTalk Standard Edition v3.2 - © 1999-2009 FuseTalk Inc. All rights reserved.