Server Hardening Tips
Disclaimer: This guide is not an all-encompassing guide to protecting your servers from outside attacks; that protection is still handled by firewall software, content filters, etc. It explains what New World ERP software needs in order to function in a more hardened environment.
This guide assumes standard ports are used for SQL Server.
SQL/SSRS Server
- Port 1433 needs to be reachable by the Application Server.
- If the SSRS server is a separate machine, port 1433 would need to be reachable by the SSRS Server as well. In this case, the App Server needs to be able to reach port 1433 on the SSRS Server as well as the Database Server.
- http://SSRSServerName/reportserver needs to be reachable by the Application Server.
- In most environments, SQL Server Named Pipes need to be enabled.
- Distributed Transaction Coordinator firewall rules need to be enabled inbound and outbound in Windows Firewall.
- The SQL and SSRS servers need to be reachable by the Application Server via PowerShell Remoting.
Application Server
- Distributed Transaction Coordinator firewall rules need to be enabled inbound and outbound in Windows Firewall.
- Needs to be able to reach the SQL/SSRS servers on port 1433.
- Needs to be able to reach http://SSRSServerName/reportserver.
- For software deployment, the Application Server and eSuite Server need to be able to reach the addresses listed in Appendix A.
- Port 443 needs to be open both directions to the eSuite server.
eSuite Server
- For software deployment, the Application Server and eSuite Server need to be able to reach the addresses listed in Appendix A.
- Port 443 needs to be open both directions to the Application Server.
SMTP Server
- In Exchange environments, an anonymous relay may be needed for the Application Server’s IP Address.
User Machine
- Access to WalkMe for integrated training. More information here: https://support.walkme.com/knowledge-base/access-requirements-for-walkme/
- Access to Help Central: https://nwerphelp.tylertech.com/*
Appendix A - Tyler Deploy Endpoints
Tyler Deploy uses several back-end server nodes to provide quick and reliable deployments to our clients. To utilize the software, required servers need to be able to reach the following addresses:
IP:
18.233.92.43
3.219.50.129
DNS:
https://tylerdeployer.tylerdeploy.com:443
https://tylerdeployer2.tylerdeploy.com:443
https://tylerdeployer3.tylerdeploy.com:443
https://tylerdeployer4.tylerdeploy.com:443
https://tylerdeployer.tylerdeploy.com:10943
https://tylerdeployer2.tylerdeploy.com:10944
https://tylerdeployer3.tylerdeploy.com:10945
https://tylerdeployer4.tylerdeploy.com:10946
https://tylerdeployer5.tylerdeploy.com:10947
https://tylerdeployer6.tylerdeploy.com:10948
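After tightening firewall rules, the requirements above can be verified from the Application Server with a script like the following. It is an added example, not part of the original guide or Tyler's tooling. Assumptions: the three server names are placeholders, port 80 is inferred from the http://SSRSServerName/reportserver URL, and the Windows Firewall display group name is the English one.

```powershell
# Added example, run on the Application Server. Server names are placeholders.
$SqlServer    = 'SQLSERVER01'    # placeholder: database server
$SsrsServer   = 'SSRSSERVER01'   # placeholder: SSRS server (may be the same machine)
$ESuiteServer = 'ESUITE01'       # placeholder: eSuite server

# TCP targets from the guide; port 80 is implied by the http://.../reportserver URL.
$targets = @(
    @{ Target = $SqlServer;    Ports = 1433 }
    @{ Target = $SsrsServer;   Ports = 1433, 80 }
    @{ Target = $ESuiteServer; Ports = 443 }
    # Tyler Deploy endpoints from Appendix A
    @{ Target = 'tylerdeployer.tylerdeploy.com';  Ports = 443, 10943 }
    @{ Target = 'tylerdeployer2.tylerdeploy.com'; Ports = 443, 10944 }
    @{ Target = 'tylerdeployer3.tylerdeploy.com'; Ports = 443, 10945 }
    @{ Target = 'tylerdeployer4.tylerdeploy.com'; Ports = 443, 10946 }
    @{ Target = 'tylerdeployer5.tylerdeploy.com'; Ports = 10947 }
    @{ Target = 'tylerdeployer6.tylerdeploy.com'; Ports = 10948 }
)

$results = @(
    foreach ($t in $targets) {
        foreach ($port in $t.Ports) {
            $ok = Test-NetConnection -ComputerName $t.Target -Port $port `
                    -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{ Check = "TCP $($t.Target):$port"; Passed = [bool]$ok }
        }
    }
    # PowerShell Remoting: Test-WSMan confirms the WinRM listener answers, not that logon works.
    foreach ($server in @($SqlServer, $SsrsServer) | Select-Object -Unique) {
        $ok = [bool](Test-WSMan -ComputerName $server -ErrorAction SilentlyContinue)
        [pscustomobject]@{ Check = "WinRM $server"; Passed = $ok }
    }
    # DTC firewall rules, inbound and outbound (English display group name assumed).
    $dtc = @(Get-NetFirewallRule -DisplayGroup 'Distributed Transaction Coordinator' `
                -ErrorAction SilentlyContinue)
    foreach ($dir in 'Inbound', 'Outbound') {
        $rules = @($dtc | Where-Object { "$($_.Direction)" -eq $dir })
        $off   = @($rules | Where-Object { "$($_.Enabled)" -ne 'True' })
        [pscustomobject]@{ Check = "DTC rules $dir"
                           Passed = ($rules.Count -gt 0 -and $off.Count -eq 0) }
    }
)

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }   # non-zero exit for scheduled checks
```

A failed TCP row shows only that the connection was not completed from this machine; check the local firewall, the remote firewall and any device in between before changing rules.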