FAQ: How do I limit user access to my internal network and make use of a DMZ for external users?

Q: How do I limit access to PDC documents to my internal network?

A: For a Windows server system you can use Windows access controls to limit who can actually access specific documents.  This is an extra control beyond the LockLizard DRM controls that limit access to secure documents to specific machines regardless of the ability to access the document.  If your controls require license verification whenever a document is opened, then truly external users will not be able to verify their licenses unless they are actually connected to the internal network.

If you are using Safeguard Enterprise then you can specify the IP address ranges that are authorized to use documents.

Q: Can I secure the personal information of my users/customers?

A: Only a skeletal amount of customer/user information is held in the LockLizard Administration server, a recipient e-mail address and an identifier (which need not be their natural name).  However, there are occasions on which even that might be deemed sensitive information.  If that is the case, you should consider working with an ‘own server’ version of the LockLizard Administration system, where the MySQL database is loaded onto one of your own servers, and therefore subject to your own access controls and standards.

Q: Can I run the LockLizard Administration server myself and still make it accessible to Internet users?

A: Yes.  In order to do this you would purchase an ‘own server’ edition, and install it in the DMZ (that is a zone outside of your internal network, and accessible to both your internal network and the Internet, but still in your operational control).  In this way, the Administration server domain is accessible to both internal and external users.

With Safeguard Enterprise you can even specify the IP address ranges that are authorized to use documents.