FAQs: SirsiDynix Symphony and Firewalls
| • | How does SirsiDynix Symphony interact with firewalls? |
| • | Can we use SmartPort with a proxy server? |
How does SirsiDynix Symphony interact with firewalls?
Some sites connect to the Internet through firewalls. A firewall is a system that controls connections between networks according to a set of rules. The purpose of a firewall is to prevent unauthorized access to or from the Internet. The following subtopics explain how SirsiDynix Symphony interacts with firewalls. Firewalls add security to a network, but can have access implications for SirsiDynix Symphony and Hyperion. The use of firewalls with various SirsiDynix products is discussed in the following paragraphs.
Access to the e–Library
If you are running a web server behind a firewall, and you want to grant access to users outside the firewall, you will have to configure your firewall, and possibly your web server, to allow this.
Users with web browsers behind the firewall will be able to access a web server that is also behind the firewall, with no special provisions. The firewall is not involved in such connections.
Access to Other Web Sites through the e–Library
Without special configuration, web browsers behind a firewall will not be able to access destinations outside the firewall. The e–Library can deliver links to other destinations in their displays. Without the special configuration, users will not be able to follow those links.
For libraries that purchased the e–Library with Content Enrichment, the server must be able to connect to SirsiDynix for enrichments and for Web Resources searching.
In addition, workstations connecting to the e–Library that are inside the library’s firewall will need to be able to connect to Amazon.com, Barnes&Noble.com, Google, and whatever other external links SirsiDynix will provide.
One way to allow web users access to outside destinations is through the use of a proxy server, such as a SOCKS server.
The e–Library can also act as a gateway to Z39.50 servers. The e–Library communicates with servers using the Z39.50 protocol, and displays the results on a user’s web browser. If the gateway will access Z39.50 servers outside the firewall, you will have to make provisions for this in your firewall configuration. The Z39.50 connections will originate from the SirsiDynix Symphony server. The firewall will have to either allow all connections from the SirsiDynix Symphony server, or maintain a list of acceptable servers, including their addresses and port numbers, to which the SirsiDynix Symphony server is allowed to connect.
SmartPort
With SmartPort, the user’s workstation retrieves cataloging information via the Z39.50 protocol. If any Z39.50 servers are outside the firewall, the solution to this problem is a proxy server. This topic is covered in more detail in the following FAQ.
Z39.50 Servers
If you want users outside the firewall to access a Z39.50 server running on your SirsiDynix Symphony server, you will have to configure the firewall to allow unlimited access to the SirsiDynix Symphony server via its Z39.50 port. You can set the port number to any number you wish in the Z39.50 server configuration. This applies to the SirsiDynix Symphony catalog Z39.50 server included with every SirsiDynix Symphony system, as well as InfoBASE servers.
WorkFlows
WorkFlows users inside the firewall will be able to access the SirsiDynix Symphony server (assuming it is also behind the firewall) without any special provisions.
Beginning with Unicorn Version 2000, the WorkFlows client uses a fixed port number. With this client, and a firewall that allows access to the SirsiDynix Symphony server over that fixed port, WorkFlows users outside a firewall are able to access a SirsiDynix Symphony system inside that firewall.
Hyperion
Access to Hyperion through a firewall via a web browser has exactly the same considerations as the e–Library, mentioned previously.
To access Hyperion with a Hyperion staff client through a firewall, you must first configure Hyperion to use a fixed port number for its server process, and then configure the firewall to allow access to the appropriate system or systems over that port.
Can we use SmartPort with a proxy server?
In many cases, firewalls prevent workstation clients from connecting to sites on the Internet. One example would be trying to connect from SmartPort to the Library of Congress bibliographic Z39.50 server.
The solution to this problem is a proxy server. A proxy server, in cooperation with a firewall, makes connections from clients to servers. Proxy servers can be set up to verify the user’s identity (via a login and password) before making a connection.
There are many different protocols for proxy servers, but one of the most popular is called SOCKS. SmartPort has an optional firewall feature that allows it to connect to Internet sites through SOCKS proxy servers. In order for a site to use this feature, it must have a SOCKS server that supports SOCKS Version 5. This standard is detailed in RFC 1928 (http://www.socks.nec.com/rfc/rfc1928.txt). SmartPort uses authentication method 2 (Username/Password as detailed in RFC 1929 (http://www.socks.nec.com/rfc/rfc1929.txt).
SirsiDynix does not supply or maintain SOCKS servers. You are responsible for obtaining, installing, configuring, and maintaining your own SOCKS server. More information about the SOCKS protocol and SOCKS servers is available on the web www.socks.nec.com.
To use your SOCKS server with the SmartPort wizard, you must edit your SirsiDynix Symphony configuration file to enable the use of the proxy server, and configure the Proxy Server Information properties in the SmartPort wizard properties.
If you are interested in purchasing SirsiDynix’s SmartPort firewall feature, contact SirsiDynix Client Sales at 1–800–917–4774.
Related topics