0 votes
in Portal by
Is it advisable to use the process portal for end users. Will exposing the built in ibm portal cause any security or performance issue?

1 Answer

0 votes
selected by
Best answer
I have not come across a live web application based on Process Portal facing internet or web published, there have been couple of POCs and Prototypes built but following are the concerns regarding such exposure

1. Security concerns, running a rational appscan or other vulnerability scanners against the Process Portal has revealed significant security vulnerabilities.

2. The security concerns can only be addressed by the web application itself which is a OOB application and since source code is not available cannot be customized.

3. The level of scaling and infrastructure needed will be tremendous if it is has lets say a user base of 1000+ and approx 100+ concurrent usages. I have seen the infrstructure fail at even 100 users and 10+ concurrent users even with four nodes. But there are lot of factors involved and configuration in performance.

4. some of the security concerns can be alleviated by using Cloud based Reverse Proxies and Web Application Firewalls e.g. provided by amazon and cloudflare, but real truth will emerge if AppScan is run outside the WAFs, also some enterprises have sophisticated security gateways which can filter out the security threats also the WAF/OWASP rules will need to be customized to not hinder functionality while ensuring security.

5. Licensing may also be an issue not sure how internet user licensing will work.

6. Features like user provisioning etc may need to be custom built.

7. CDN based delivery of static resources can offload a lot of performance impact though.

Other members please pitch in if you have other thoughts etc.

Related questions

0 votes
1 answer 199 views
0 votes
2 answers 418 views
0 votes
1 answer 92 views
0 votes
1 answer 242 views
0 votes
1 answer 212 views
0 votes
1 answer 390 views
0 votes
1 answer 262 views

591 questions

485 answers


1.8k users

Dosvak IBM BPM /BAW Products, Download Evaluation
Process & Performance Tools Process & Performance Tools
Code Analyzer Code Analyzer
UI Toolkit UI Toolkit
Integration Monitoring Integration Monitoring
Welcome to BPM Tips Q&A, Community wiki/forum where you can ask questions and receive answers from other IBM BPM experts and members of the community. Users with 2000 points will automatically be promoted to expert level.
Created by Dosvak LLC
Our Youtube Channel