Table of Contents

Accessing On‑Premises Environments from Outside the Customer Network

  • How can consultants access a customer's on‑premises environment from outside the network?
  • What are the recommended methods and trade‑offs?
Tip

Summary: This guide helps consultants connect a physical device or Android emulator to a customer's Intermediate Layer (IL) and Business Central (BC) from outside the customer network. It outlines recommended access methods, security considerations, and practical steps.

Scope and Goal

  • Goal: Enable secure, reliable access from outside the customer network to IL (default ports 8080/8081) and BC.
  • Scope: Connectivity approaches for fully on‑premises, self‑hosted IL and BC environments.

The following methods are listed in order of preference, from the most secure and manageable to the least recommended. Choose the approach that best fits the customer's infrastructure and security requirements.

1. VPN Connection (Preferred)

  • Steps:
    • Confirm with the customer whether a VPN solution supports Android devices (or the consultant's platform).
    • Request a VPN account and configuration (profiles/certificates as applicable).
    • Verify that VPN routing/firewall rules allow access to IL ports (typically 8080 and 8081) and BC endpoints.
    • Customer may need to configure subnet routing or firewall rules (customer‑specific).
  • Pros:
    • Uses your own device or emulator; no onsite hardware changes.
    • Typically the most secure and manageable option.
  • Cons:
    • Requires VPN client installation and configuration.
    • May need customer support to finalize routing/firewall settings.

2. Expose IL Port with Strict IP Filtering (Less Preferred)

  • Steps:
    • Customer configures port forwarding to expose IL externally.
    • Apply IP filtering to only allow traffic from approved consultant IPs.
    • Plan for IP changes if dynamic addressing is used.
Important

Exposing ports to the internet reduces security. Use strict IP filtering, monitoring, and time‑bound rules where possible.

  • Pros:
    • Works with your own device; simpler than full VPN.
  • Cons:
    • Lower security posture; ongoing maintenance for dynamic IPs.

3. Android Emulator on Customer PC (Last Resort)

  • Steps:
    • Install an Android emulator on the customer's PC and access it via RDP/TeamViewer (as permitted).
    • Configure the emulator to reach IL/BC locally within the customer's network.
  • Pros:
    • Minimal external network changes; avoids opening ports or VPN setup.
  • Cons:
    • Performance may not match a real device.
    • Installation can be complex due to virtualization and system requirements.

Summary

  • Best option: VPN connection for security and flexibility.
  • Alternative: Port forwarding with strict IP filtering (use sparingly).
  • Fallback: Emulator on the customer PC when other options are not feasible.


Feedback
Submit feedback for this page .