PDXpert Application Server on a private cloud

Using a public IP

Before exposing your server to the internet, set your server's firewall to block public internet access to SQL Server. (If you're using SQL Server LocalDB, then remote access is blocked regardless of firewall settings.)

Client-server communication via a public IP address requires a strong password policy. In particular, ensure that the default user account admin has a strong password — do not leave the password empty. If possible, change the default username to something other than admin.

When logging in on the remote client's Welcome to PDXpert PLM window, enter the server's public IP address into the Server computer's machine name textbox. In PDXpert 9.0 and later, users should mark Encrypt my connection on the client log-in window.

To permit a PDXpert client to access the PDXpert Application Server, the server's firewall and antivirus must be configured to allow communication using these TCP ports:

  • 48084 Used to send software updates to PDXpert client application.
  • Effect of closing this port: The PDXpert client application can't download code, so upgrades must be manually installed on the remote client workstation.
  • 48085 Used for unencrypted communications, usually when local workstations connect to the server on a trusted network or VPN.
  • Effect of closing this port: The PDXpert client must be set to use an encrypted connection (on the client log-in window, mark Encrypt my connection).
  • 48086 Used for encrypted communications, usually when remote workstations connect to the public IP address of the server.
  • Effect of closing this port: The PDXpert client must be set to use an unencrypted connection (on the client log-in window, clear Encrypt my connection).
  • 48087 Reserved for future use.

If you allow remote connections from the internet, open the internet-facing firewall ports 48084 and 48086 only. Block unencrypted clients by closing port 48085. The firewall for trusted networks can keep all 4 ports open.

Using a VPN

To enable a PDXpert client access to the PDXpert Application Server over a virtual private network (VPN) connection, the VPN must be configured to allow communications using four TCP ports 48084 through 48087.

If you're using a VPN and wish to save a bit of computational overhead, you can choose not to encrypt your client connection.

For releases before PDXpert 8.0, ensure that the client workstation can access the SQL Server instance (e.g., TCP port 1433). Since the SQL Server instance is named PDXPERT, you can configure a static port for that named instance and open VPN access to that port. For proper operation, the SQL Server instance must have been installed with Mixed Mode authentication.

Learn More
Install Guide Contents