RE/BBNC database relocated to different network zone

Options
Kerri Chapman
Kerri Chapman
Seventh Anniversary First Comment Boomerang (2021) Activity: First Reply
in Blackbaud Raiser's Edge NXT®: General Discussion
This question is more for the IT folks out there.  Do any of you self-hosted organizations have their RE/BBNC databases in a different, "more secure" network zone?  If so, I'd love to talk to you about how you've deployed your client.  We need to relocate our databases, and are getting ready to test running RE and all its components on a VDI (using Citrix).  


Thanks,


kerri
Tagged:

Comments

  • Teri Plemel
    Teri Plemel
    Tenth Anniversary Photogenic First Comment

      Do any of you self-hosted organizations have their RE/BBNC databases in a different, "more secure" network zone?  If so, I'd love to talk to you about how you've deployed your client.  We need to relocate our databases, and are getting ready to test running RE and all its components on a VDI (using Citrix).  

     

    Kerri,


    We changed from completely self-hosted with our own server to moving to a Citrix environment at the "server farm" of our health system. There have been some ups and downs here and there. Some of these issues have lead us to the decision to move to NXT later this year. Happy to discuss further.


    Thanks,

    Teri

  • Nancy Clein Tafoya
    Nancy Clein Tafoya
    Ninth Anniversary First Comment

    Teri Plemel:

      Do any of you self-hosted organizations have their RE/BBNC databases in a different, "more secure" network zone?  If so, I'd love to talk to you about how you've deployed your client.  We need to relocate our databases, and are getting ready to test running RE and all its components on a VDI (using Citrix).  

     

    Kerri,


    We changed from completely self-hosted with our own server to moving to a Citrix environment at the "server farm" of our health system. There have been some ups and downs here and there. Some of these issues have lead us to the decision to move to NXT later this year. Happy to discuss further.


    Thanks,

    Teri

     

    Teri,


    We are completely self-hosted (both RE and FE).  We're not ready for Blackbaud hosting/NXT due to our extensive use of our own datawarehouse and need for SQL access to both databases.  We've been using a VPN and remote login to our office PC's to access our RE and FE clients, but now have a need for virtual desktop environments (we think).  What kind-of glitches did you encounter?  Any words of wisdom?


    Thanks in advance,

    -Nancy

  • Aaron Rothberg
    Aaron Rothberg
    Eighth Anniversary 500 Likes 100 Comments Name Dropper
    Hi Kerry-


    It sounds like your IT folks want to move your databases into a DMZ so that certain applications are accessible (within tight constraints) to folks outside of your network without putting your corporate network at risk. Putting your servers/database into a DMZ will allow access to servers in that zone without having to allow that traffic to enter your corporate network to reach those servers. If that is what your IT folks are doing, as long as they route Raiser's Edge traffic to the DMZ and allow traffic to flow out of the DMZ you won't have any issues. There are, of course, a number of ways to approach segmenting your network like this. Port forwarding using TCP/UDP ports, subnetting, a proxy server, other ways and any solution might also include connection-oriented state-based analysis at your firewall, packet shaping combined with routing, etc...There's lot of ways to accomplish this goal.


    Your IT staff, if they have the talent to move the database to a DMZ, should have the talent to give you access to the services in the server's new location.


    Do you have any specific questions as it relates to your organization's network? Are you looking to understand the TCP/UDP ports required to be open/forwarded for Raiser's Edge clients to connect to the server? Are you looking for precise implementation instructions specific to your network topology?

Categories