Accessing On‑Premises Environments from Outside the Customer Network

  • How can consultants access a customer's on‑premises environment from outside the network?
  • What are the recommended methods and trade‑offs?
Tip

Summary: This guide helps consultants connect a physical device or Android emulator to a customer's Intermediate Layer (IL) and Business Central (BC) from outside the customer network. It outlines recommended access methods, security considerations, and practical steps.

Scope and Goal

  • Goal: Enable secure, reliable access from outside the customer network to IL (default ports 8080/8081) and BC.
  • Scope: Connectivity approaches for fully on‑premises, self‑hosted IL and BC environments.

1. VPN Connection (Preferred)

  • Steps:
    • Confirm with the customer whether a VPN solution supports Android devices (or the consultant's platform).
    • Request a VPN account and configuration (profiles/certificates as applicable).
    • Verify that VPN routing/firewall rules allow access to IL ports (typically 8080 and 8081) and BC endpoints.
    • Customer may need to configure subnet routing or firewall rules (customer‑specific).
  • Pros:
    • Uses your own device or emulator; no onsite hardware changes.
    • Typically the most secure and manageable option.
  • Cons:
    • Requires VPN client installation and configuration.
    • May need customer support to finalize routing/firewall settings.

2. Expose IL Port with Strict IP Filtering (Less Preferred)

  • Steps:
    • Customer configures port forwarding to expose IL externally.
    • Apply IP filtering to only allow traffic from approved consultant IPs.
    • Plan for IP changes if dynamic addressing is used.
Important

Exposing ports to the internet reduces security. Use strict IP filtering, monitoring, and time‑bound rules where possible.

  • Pros:
    • Works with your own device; simpler than full VPN.
  • Cons:
    • Lower security posture; ongoing maintenance for dynamic IPs.

3. Android Emulator on Customer PC (Last Resort)

  • Steps:
    • Install an Android emulator on the customer's PC and access it via RDP/TeamViewer (as permitted).
    • Configure the emulator to reach IL/BC locally within the customer's network.
  • Pros:
    • Minimal external network changes; avoids opening ports or VPN setup.
  • Cons:
    • Performance may not match a real device.
    • Installation can be complex due to virtualization and system requirements.

Summary

  • Best option: VPN connection for security and flexibility.
  • Alternative: Port forwarding with strict IP filtering (use sparingly).
  • Fallback: Emulator on the customer PC when other options are not feasible.


Feedback
Submit feedback for this page .