Recommendations for Internet facing deployment of Jira

Paul Ryan
February 27, 2012

Hi all,

Our company is considering an Internet facing deployment of Jira. While I have read various articles including the best practices guides on the Atlassian and other web sites, I am wondering whether I should be considering 3rd party products to implement a layered security approach.

I notice from the web site that this software is deployed by quite a few multinationals and I cannot imagine, even for an internal deployment, they are relying 100% on the Jira application to ensure the security of the information in the portal.

Two things that come to mind to implement this approach are:

- Web Application Firewall (WAF)

- Identity Management solution integrated with the WAF and Jira

What have other users done?

Are there any recommendations on these? What works well? Not so well?

Thanks,

Paul

2 votes
Answer accepted
Nic Brough -Adaptavist-
February 27, 2012

My clients have used:

  1. Apache, SSL and certificates. The systems are on the raw internet, but you can't get past Apache without a valid certificate
  2. Crowd for ID management, integrated with their firewall
  3. VPNs to drill through corporate firewalls, so the systems aren't really on the internet, but people can use the internet to pretend that they're inside the company network

The approaches all have strengths and weaknesses. Integrating certificates into ID management is not fun, but it's a solid approach to security and authorisation. The raw Crowd+systems worked fine, except with the public access stuff, we ended up with a lot of spam accounts. VPNs work well, but it's not really putting your systems on the internet.

I think the answer is "you need to do what suits you and your usage best". If it's an internal system, I'd look at a VPN first, as you'll be limiting it to just known users. The SSL certificates are good if it's your people, plus known external users, but you'll need an ID and certification system (Crowd doesn't do certs).

I'm less convinced by just "Atlassian systems raw on the internet", I think there's a strong argument for firewalling carefully and having human authorisation systems in place to approve new accounts at the very least. (Although, I must say, that was the only problem we had)
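As an added illustration of option 1 in the answer above (not configuration posted by anyone in this thread), an Apache httpd virtual host that refuses the TLS handshake unless the browser presents a certificate from a private client CA could look like the following. The hostname, file paths, and the Jira backend address `127.0.0.1:8080` are assumptions for the example.

```apache
# Added example: Apache httpd as the only Internet-facing entry point to Jira.
# Assumed values: jira.example.com, all file paths, Jira on 127.0.0.1:8080.
# Requires mod_ssl, mod_proxy and mod_proxy_http.
<VirtualHost *:443>
    ServerName jira.example.com

    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/jira.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/jira.example.com.key

    # Trust only the private CA that issues your client certificates.
    # Pointing this at a public CA bundle would admit anyone holding
    # a certificate from any of those CAs.
    SSLCACertificateFile  /etc/httpd/tls/client-ca.crt

    # "require" aborts the handshake when no valid client certificate
    # is presented. "optional" or "optional_no_ca" would let the request
    # through to Jira's login page and defeat the control.
    SSLVerifyClient require
    SSLVerifyDepth  1

    # Reject certificates the CA has revoked (lost device, leaver).
    # SSLCARevocationCheck needs Apache httpd 2.4.
    SSLCARevocationFile  /etc/httpd/tls/client-ca.crl
    SSLCARevocationCheck chain

    # Reverse-proxy to Jira. Bind Jira's Tomcat connector to 127.0.0.1
    # so the certificate check cannot be bypassed by connecting to
    # port 8080 directly.
    ProxyRequests     Off
    ProxyPreserveHost On
    ProxyPass         / http://127.0.0.1:8080/
    ProxyPassReverse  / http://127.0.0.1:8080/

    # Record which certificate subject made each request.
    CustomLog logs/jira_ssl_access.log "%h %t \"%r\" %>s \"%{SSL_CLIENT_S_DN}x\""
</VirtualHost>
```

The certificate only gates access to Apache; users still log in to Jira with their own accounts afterwards, so issuing and revoking certificates has to be tied into whatever process creates and removes those accounts.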

Paul Ryan
February 27, 2012

Thanks Nic for the response.

We have used #1 with client certificates before but it is inflexible for multiple device support and adds to the costs of support.

In relation to 2 "Crowd for ID management, integrated with their firewall", what was the configuration? Was it that the web application firewall checked the user authentication data against Crowd before the request was sent to the Jira application? Do you want to mention the web application firewall vendor?

Thanks again,

Paul

Nic Brough -Adaptavist-
February 27, 2012

Yes, the certs stuff can be "fun" ;-)

I'm not entirely sure what the firewall vendor was, but I do know they had a set of dedicated Linux boxes that we had to tell Crowd to talk to. I don't think it was anything more complex than a username/password challenge, then the firewall would pass traffic from that source.
