PDXpert Application Server on a private cloud

Using a public IP

Before exposing your server to the internet, set your server's firewall to block public internet access to SQL Server. (If you're using SQL Server LocalDB, then remote access is blocked regardless of firewall settings.)

Client-server communication via a public IP address requires a strong password policy. Ensure that the default user account admin has a strong password — do not leave the password empty. If possible, change the default username to something other than admin (for instructions, see Manage user accounts → Change the admin account log-in name help topic).

Private cloud hosting is very similar to using a Windows server on your local network. Install the PDXpert System on a Windows cloud server that meets the normal server requirements.

When logging in on the remote client's Welcome to PDXpert PLM window, enter the server's public IP address into the Server computer's machine name textbox. In PDXpert 9.0 and later, users should mark Encrypt my connection on the client log-in window.

For a PDXpert client to connect to the PDXpert Application Server, the server's firewall and antivirus must be configured to allow communication using these TCP ports:

  • 48084 Used to send cryptographically signed software to the client workstation.

    • If you close port 48084: The client workstation can't download application code. The PDXpert Client Setup installer must be copied to each client workstation for new install and upgrades.
  • 48085 Used for unencrypted communications, usually when local workstations connect to the server on a trusted network or VPN.

    • If you close port 48085: The PDXpert client must use an encrypted connection. On the client log-in window, mark the Encrypt my connection on this server checkbox.
  • 48086 Used for encrypted communications, usually when remote workstations connect to the public IP address of the server.

    • If you close port 48086: The PDXpert client must use an unencrypted connection. On the client log-in window, clear the Encrypt my connection on this server checkbox.
  • 48087 Reserved for future use.

If you allow remote connections from the internet, open the internet-facing firewall ports 48084 and 48086 only. Block unencrypted clients by closing port 48085. The firewall for trusted networks can keep all 4 ports open.

Using a VPN

To enable a PDXpert client access to the PDXpert Application Server over a virtual private network (VPN) connection, the VPN must be configured to allow communications using four TCP ports 48084 through 48087.

If you're using a VPN and wish to save a bit of computational overhead, you can choose not to encrypt your client connection.

For releases before PDXpert 8.0, ensure that the client workstation can access the SQL Server instance (e.g., TCP port 1433). Since the SQL Server instance is named PDXPERT, you can configure a static port for that named instance and open VPN access to that port. For proper operation, the SQL Server instance must have been installed with Mixed Mode authentication.