
The memoQ server in a Corporate Network

Version 3.5

LSP Guide

memoQ copyright © 2004-2009 Kilgray Translation Technologies. All rights reserved.

Contents

1 Overview
2 Possible Network Setups
3 IP Addresses
4 The Client Connect Address Problem
5 Resolving the Client Connect Address Problem


1 Overview

Language service providers (LSPs) usually work with mixed teams consisting of internal staff and external contractors, or freelancers. When a translation task requires a team with multiple translators and/or reviewers, it is natural to use a translation memory server or a translation project server such as the memoQ server.

If a team includes both internal staff and freelancers, the same server needs to be accessible both from the LSP’s internal network and from the Internet. This might present difficulties for the LSP because the same server might be visible at one address from the internal network and at another address from the Internet.

This might be a problem for the memoQ server because it exposes one and only one client connect address. This address is included in the server project details: when a translator or a reviewer checks out a server project, the memoQ desktop program looks for the published translation memories and termbases using this client connect address. However, if the server physically resides in the company network, client computers need to use a different address depending on whether they are inside the network or accessing it from the Internet. Since you cannot specify two or more client connect addresses in memoQ server, this might cause an issue in the network setup.

This document describes the problem in a non-technical manner and outlines the possible solutions. It is important to note that the issue is not directly related to the configuration of memoQ server – rather, it concerns the overall network setup of the company.


2 Possible Network Setups

An organization has two options when it comes to placing its public servers. Smaller organizations prefer to put their servers outside the company network, in a hosting center of an ISP (Internet Service Provider). In this setup, the organization itself accesses the server over the Internet, so the server really does have a single address. This means that hosted servers do not exhibit the problem outlined above, so this setup will not be considered further.

The second option is used by “larger” organizations that have a proper company network with a suitable broadband Internet connection. Such organizations place (some of) the public servers within the company network, retaining full control over the data and configuration on the server (as opposed to hosted servers).

An organization usually protects its network from online attacks using firewalls. A firewall is a dedicated computer with a piece of software that monitors incoming traffic (data), and detects potential threats. It can also be used to control access to one part of the network or another, or to control/restrict the Internet access for internal computers or users.

If an organization has no servers in its internal network, the firewall usually blocks all incoming traffic (data). This means that no connection can be initiated from the outside. This is just like a phone that can be used to make calls but cannot be called. If the connection is initiated from the inside – for example, a user accesses a web page or downloads her e-mails – the firewall will of course let in the reply to the request.

Figure 1: A simple small business network with no servers and a fully blocking firewall

[Figure labels: “Give me that webpage!”; External computer]


If there is a server in the network, however, the setup becomes more complicated. Similarly to an airlock, the company network will be split into two parts, and will have at least two security doors – that is, firewalls. Between the two firewalls there is a so-called de-militarized zone, or DMZ. If a memoQ server is hosted within a company network, it is most likely to be put in a DMZ.

There will be an inner part containing client computers that cannot be accessed from the outside. This will have the same full protection as the network in Figure 1 – an inside door or firewall blocking all incoming requests. The secure middle part contains the servers that make some of their services public. However, these servers will also be protected by a firewall from the outside because the company wants to retain total control and protection of the data stored on them. Just like the outer door of an airlock, the firewall protecting the servers will be opened up very carefully, making sure that nothing is exposed that does not explicitly need to be exposed. This means that it will have somewhat permissive settings so that the services published by the servers are accessible from the Internet.

The servers placed in the DMZ are accessed from two networks: from the internal network and from the Internet.

[Figure: Internal network (client computers) | Internal firewall | DMZ (server) | External firewall | Internet]


3 IP Addresses

The rules that govern how computers talk to each other on a network are called the TCP/IP protocol suite. One of the rules is that each computer must have at least one address consisting of four numbers such as 81.116.212.59 or 192.168.0.49. These addresses are called IP addresses.

Different networks have different address ranges. The Internet is in fact made up of an enormous number of networks (so it is a network of networks) having different address ranges.

There are special address ranges that are considered private. If a computer has a private address, it cannot be directly accessed from the Internet. Such addresses start with the numbers 192.168, 172.16, or 10. This means that a computer with the address 192.168.0.26 is not accessible from the Internet, whereas one with the address 81.92.178.3 is.

Different networks can be connected to each other using a device called a router. The Internet contains an enormous number of interconnected routers; this is why any two computers on the Internet can actually talk to each other, regardless of the network they are in. Private networks are also hooked up to the Internet using a router, which usually also acts as a firewall.

The internal network of a company tends to be a private network. Most likely they have an address range like 192.168.1.101–192.168.1.223 or similar. These addresses are not accessible from the Internet. When this network is hooked up to the Internet, it will receive one public IP address that is accessible from the outside. This means that from the Internet, the entire private network will look like a single computer having a public IP address such as 86.176.45.9. The router will take care of distributing the incoming data among the internal computers.

If a private network contains a server such as the memoQ server, it will be accessible through two IP addresses: one private address, and one public address (that will probably be the single public address the network has).

Range of IP addresses: 192.168.1.101–192.168.1.223

IP address of the server: 86.176.45.9 (public address), 192.168.2.11 (private address)

Funnily enough, the single external address of a private network can never be accessed from within the private network itself. This is to prevent circular traffic or direct feedback, which would mean a blowup of the amount of data transferred over the network, and would cause the network to stop functioning.


4 The Client Connect Address Problem

The memoQ server can have exactly one address where client computers can connect to it (the client connect address). If the server that runs the memoQ server software has two IP addresses, only one of those can be used to contact the server. In this setup, the following problems may occur:

(1) If the client connect address is set to the internal IP address of the server, only the internal users can check out server projects from the server. External users will not be able to check out server projects.

(2) If the client connect address is set to the external IP address of the server, only the external users can check out server projects from the server. This will not work for the internal users. If a mobile user brings her laptop into the internal network, she will not be able to access the same server projects that worked fine earlier.

In all other respects, the server can be accessed both internally and externally because the client connect address is not used when the users access translation memories or term bases on the server without a server project.


5 Resolving the Client Connect Address Problem

The client connect address problem goes away if you can use one single name or address for the server, and this name is equally valid in both the internal and external networks. We already know that this is not possible by using IP addresses.

The problem can be solved by using DNS names instead of IP addresses. A DNS name – or fully qualified domain name, FQDN – is a “friendly” name for a computer that can be used in lieu of an IP address. For example, there is a computer with the IP address 195.56.44.105. This IP address is not known to many people because this computer is almost always accessed by the name ‘www.kilgray.com’.

When you type the ‘www.kilgray.com’ address into your browser, your computer will contact another server called the DNS (Domain Name System) server. This server is operated by your internet service provider (ISP). Its task is to find the IP address for names like this. In finding the IP address, the ISP’s DNS server co-operates with other DNS servers on the Internet.

By the clever use of DNS servers, it is possible to assign the same name (like ‘www.kilgray.com’) to multiple IP addresses. This means that the server should be accessible by the name ‘memoqserver.lspname.com’ both from the internal and the external computers.

Let’s suppose there is a memoQ server in the internal network with

• an internal IP address of 192.168.2.11, and
• an external IP address of 81.195.46.7.

The memoQ server’s client connect address is set to ‘memoqserver.lspname.com’. This setup works if

• the internal computers, when accessing ‘memoqserver.lspname.com’, are directed to 192.168.2.11 (the internal IP address), and
• the external computers, when accessing the same domain name, are directed to 81.195.46.7.

This means that the DNS servers should return different addresses to the internal and the external computers. There are two possible solutions to this:

1. Setting up an internal DNS server. This is the way to go if the internal network uses Active Directory. If you use Active Directory, at least one server in your organization should work as a DNS server anyway.

You can create a ‘zone’ for your ‘lspname.com’ domain on the internal DNS server, and instruct it to return the internal IP address of the memoQ server when queried. All other DNS queries (such as web page requests) should be forwarded to the external DNS server usually run by your ISP. The internal DNS server can do this easily.

The internal computers, and any laptops brought in, must be directed to the internal DNS server, but that is easily done through automatic IP configuration (present in almost every network).


This document does not contain detailed configuration instructions on setting this up since it depends on the type of the DNS server you are using. It also depends on the type of the device that distributes the IP addresses within the network. The latter can be a router/firewall or a separate computer (running mostly Linux or Windows) with DNS server software. Your IT staff should be able to set this up.

2. Using the HOSTS file. This approach is useful if you have no internal DNS server. Your internal computers use the external DNS server run by the internet service provider. However, there is a file in their system directory that needs to be modified. In Windows, the HOSTS file is in the following folder:

C:\Windows\System32\drivers\etc

It looks like this:

    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    127.0.0.1 localhost
    ::1 localhost

You need to add one line here:

<internal_address_of_memoQ_server> memoqserver.lspname.com

Using the numbers from the previous example:

192.168.2.11 memoqserver.lspname.com

This file contains “exceptions” to general DNS rules. The system assumes that every name should be looked up on the external DNS server, except for the names listed in this file.

You need to make this change on the internal computers. This way the DNS server will return the external IP address of the memoQ server, but the internal computers will not use it. Instead, they will contact the memoQ server using the internal address because of this extra line in the HOSTS file.

Note that the second approach will not work with laptops unless the HOSTS file is modified each time the laptop is brought in and taken out.
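
An added example, not part of the original guide or of memoQ: a small Python check that parses a HOSTS file in the format shown above and reports whether the override for the client connect name points only at the expected internal address. The sample file content and the function names parse_hosts and audit_override are constructed for illustration; the host name and addresses are the ones used in this section.

```python
import ipaddress

# Constructed sample: a HOSTS file as it might look on an internal workstation.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed for this example)
127.0.0.1       localhost
::1             localhost
192.168.2.11    memoqserver.lspname.com   # internal address of the memoQ server
81.195.46.7     MemoQServer.lspname.com   # leftover line with the external address
"""

def parse_hosts(text):
    """Return {lowercased host name: [ip_address, ...]} in file order."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first column is not an IP address
        for name in fields[1:]:                 # one line may list several names
            table.setdefault(name.lower(), []).append(addr)
    return table

def audit_override(text, name, expected):
    """Return findings for the override of `name`; an empty list means it is clean."""
    expected = ipaddress.ip_address(expected)
    # Host names are case-insensitive; keep each distinct address once, in order.
    addrs = list(dict.fromkeys(parse_hosts(text).get(name.lower(), [])))
    if not addrs:
        return [f"{name}: no entry, clients will use the DNS answer"]
    findings = []
    for addr in addrs:
        if addr != expected:
            findings.append(f"{name}: unexpected address {addr}, expected {expected}")
        if not addr.is_private:
            findings.append(f"{name}: {addr} is not a private address")
    return findings

if __name__ == "__main__":
    for line in audit_override(SAMPLE_HOSTS, "memoqserver.lspname.com", "192.168.2.11"):
        print(line)
```

To check a real machine, read the HOSTS file from the folder named above and pass its text to audit_override; on a laptop the "no entry" result is the expected state while it is outside the internal network.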