Allow access to RTstats databases from IU IP addresses

[scamicha]

Similar to #19, which I assume only applied to ports 443 and possibly 80. Please allow access to the rtstats database instances on rtstats and rtstats-devel from all IU IP addresses including the IU VPN.

[agopu]

Hi Scott. Could you please outline the use-case you are trying to address here?

For e.g., perhaps you are having trouble connecting from your laptop? or from ReD or some place like that? ; do you have users/subscribers from outside of the RTSTats feeders, Tableau, etc.?

Thanks!

[scamicha]

Hi Arvind, We are working on preparing a scripted set of static executive reports. Development is happening in a distributed fashion on several different workstations/laptops and the reports combine data from multiple different sources.

[agopu]

Hi Scott, thanks for the info. I'd guess these are still staff computers on IU Secure WiFi within the CIB. Are these workstations/laptops distributed outside the CIB?

[scamicha]

They could be connecting from anyplace. Ben is frequently in Indy or over at Biology and I don't know if he uses a wired connection or not, folks work from home, etc.

[agopu]

In talking with Ben, it seems he switches between Ethernet and WiFi, and the VPN client needs to reconnect each of those times. Instead, he is going to try just using WiFi to see if that addresses the concern. If this doesn't resolve it, we will look into opening more specific IPs or limited ranges that require access to the system.

However, it is unfortunately not plausible for us to open up a MySQL server to all of IU under our current low-overhead operational model, especially so without understanding the DBMS standards/best practices that are (or not) in use. We operate the server but are not the DBMS admin; if RTStats DBMS practices/policies are documented somewhere, please point us at it.

Thanks again for clarifying!

[agopu]

Overall, we recommend the use of VPN especially in coffee shops and public WiFi as a security best practice that also ensures connectivity irrespective of where one might be connected from.

[agopu]

Discussed offline with Ben (who is going to use IU Secure WiFi within the CIB + VPN - that appears to be working out fine thus far for him) and Scott whose CIB desk IP I've added for MySQL access on both prod and devel. Resolving this ticket - feel free to reopen it in the future on github.com if you need further assistance!