Hi, can anyone help? Assume there are two firewalls, one outer and one inner firewall. The web server is placed between the outer and the inner firewall (in the DMZ). The outer firewall shields the web server from the internet, the inner firewall shields the application server and database servers within the intranet. Assume further there is a VPN establishing clients' remote access to the intranet (especially the app server). Where is the VPN router best placed? In the intranet or in the DMZ? If it is in the DMZ then a proxy (to the appserver) is necessary to route requests to the intranet. How will this scenario be handled in practice?
omsiva
Greenhorn
Joined: Mar 12, 2002
Posts: 1
Originally posted by Thomas Hofmann: Hi, can anyone help? Assume there are two firewalls, one outer and one inner firewall. The web server is placed between the outer and the inner firewall (in the DMZ). The outer firewall shields the web server from the internet, the inner firewall shields the application server and database servers within the intranet. Assume further there is a VPN establishing clients' remote access to the intranet (especially the app server). Where is the VPN router best placed? In the intranet or in the DMZ? If it is in the DMZ then a proxy (to the appserver) is necessary to route requests to the intranet. How will this scenario be handled in practice?
Thomas Taeger
Ranch Hand
Joined: Dec 16, 2002
Posts: 307
Originally posted by Thomas Hofmann: ...Where is the VPN router best placed? ...
Hi other Thomas, I am still interested in an answer too ... Thomas.
I am no network guy. Routers are the glue between networks; they do not go in the DMZ or the inner sanctum. What kind of client is connecting? When the question refers to an app server, what is it talking about?
Chris Mathews
Ranch Hand
Joined: Jul 18, 2001
Posts: 2712
This question is definitely targeted at the wrong group of people. I would have to say the majority of us do not know enough about infrastructure to give an intelligent answer to your question, certainly not one that we could back up with qualifications. The important part for us (as Architects/Developers) is the logical separation. How this is achieved falls in the realm of another group entirely. If you are concerned about this question from an SCEA standpoint... don't be. The SCEA exam does not require you to have detailed knowledge like this. Remember this is a "big picture" exam. If you are concerned just because you want to know, then I suggest you post this to another forum. Try General Computing, though it is likely you will still not receive an adequate answer. You may need to leave JavaRanch completely and post this on a forum dedicated to infrastructure. [ January 15, 2003: Message edited by: Chris Mathews ]
Thomas Hofmann
Ranch Hand
Joined: Nov 23, 2002
Posts: 72
Thanks for information. I asked this question because I intended to use an EJB client for the travel agents. So I thought to describe security requirements, especially encryption over VPN, in my assumptions. But I recognized that it would go beyond the scope of the assignment. I submitted yesterday and will see if I'm right?