    EPDM Users Over WAN With AD?

    Simon Gatrall

      We're in the process of setting up a replicated EPDM archive server in China. Our office is in the US with the database and archive server. We have a VPN tunnel between the two locations, and replication to the China archive server is working. We're about to add users in China, but we're unclear about how this will work with Active Directory. Currently we do not have trusted domains set up between the two offices. We're part of the same global company, but we have local AD servers, and different DNS domains.


      What do we need to do to add users in China?

      Will the admin tool need to be used locally in China to add users?

      Will we see them in the user list here in the US?

      What other issues should we be aware of as we set this up?


      -Simon Gatrall

          Simon Gatrall

          I had a useful phone call with Hawk Ridge (our value-added reseller) about how EPDM logins will work with/without trusted domains. Hawk Ridge said that they do not have any clients who use EPDM over a WAN with multiple domains without trust.

          In theory all the EPDM functionality (versioning, check-in/out, etc.) should work without trust, but the Admin account in the US will not be able to add users from the non-trusted domain. The Admin account on the China archive server will be the way to control local users there. The users will show up in both Admin tools, but the untrusted domain users will show up with a red plus next to their name.

          From the EPDM Documentation: "The archive server that hosts the vault archive manages user authentication. If the correct credentials for an active vault user account are not found on the archive server, the user account is listed in the Administration tool with a red plus symbol. Such users may not be able to log in to the vault until the issue is resolved. You can still manage vault permissions for the user account."

          The big downside to not having trusted domains is for users who travel between the locations. If a US person goes to China they will not be able to authenticate to the EPDM archive server there. They would have to VPN to the US to use EPDM. Similarly, if an employee from the China office travels to the US office and tries to use EPDM, they will not have credentials to log in to the local archive server.

          It seems like we will be able to test functionality, but we will want trusted domains eventually.

          We have yet to verify this info, but does it agree with anyone else's experience?