In this article I would like to briefly discuss DMZ implementations. Customers often need to set up a DMZ environment for externally visible applications such as iStore, iRecruitment, etc. The next question they have is whether they can share the file system (i.e. appltop, comntop, iAS/806) with the external DMZ server. Technically, sharing the file system between the internal server and the external server is possible, but it defeats the whole purpose of setting up the DMZ server. Here is the explanation:
            ||                       ||
Internet    ||   External Web Tier   ||   Internal Web Tier/Database Tier
            ||                       ||
           FW1                      FW2
If you share an appltop/comntop between the external and internal servers, you are violating the concept of a DMZ. A hacker playing with the external file system is also playing with your internal file system, making your second firewall useless.
This is also documented in Metalink Note 287176.1. However, if you have one or more servers inside the DMZ, you can implement a shared appltop among all the external middle tiers.
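An added example (not from the original article or the Metalink note): a Python check, meant to run on an external web tier, that flags appltop/comntop/iAS directories mounted from a file server outside the DMZ while accepting a share served from inside it. The DMZ subnet, the directory paths and the sample mount lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (hypothetical, adjust per site): DMZ subnet and EBS directory paths.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
EBS_PATHS = ("/u01/applmgr/appltop", "/u01/applmgr/comntop", "/u01/applmgr/ias806")
NETWORK_FS = {"nfs", "nfs4", "cifs"}

# Constructed sample in /proc/mounts format, as seen on an external web tier.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw 0 0
192.0.2.10:/export/appltop /u01/applmgr/appltop nfs rw,hard 0 0
10.20.0.5:/export/comntop /u01/applmgr/comntop nfs4 rw 0 0
filer01:/export/ias /u01/applmgr/ias806 nfs ro 0 0
10.20.0.5:/export/home /home nfs rw 0 0
"""

def server_of(device, fstype):
    """Extract the file server from 'host:/export' (NFS) or '//host/share' (CIFS)."""
    if fstype == "cifs":
        return device.lstrip("/").split("/", 1)[0]
    return device.split(":", 1)[0]

def covers(mountpoint, path):
    """True if path lives on this mount, or the mount sits inside path."""
    mp = mountpoint.rstrip("/")
    return path == mp or path.startswith(mp + "/") or mp.startswith(path + "/")

def audit_mounts(mounts_text, dmz_net=DMZ_NET, ebs_paths=EBS_PATHS):
    """Return (mountpoint, server, verdict) for each network mount holding EBS files."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[2] not in NETWORK_FS:
            continue
        device, mountpoint, fstype = fields[:3]
        if not any(covers(mountpoint, p) for p in ebs_paths):
            continue
        server = server_of(device, fstype)
        try:
            inside = ipaddress.ip_address(server) in dmz_net
            verdict = "dmz" if inside else "outside-dmz"
        except ValueError:
            verdict = "unresolved"  # hostname: resolve it and classify by hand
        findings.append((mountpoint, server, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_mounts(SAMPLE_MOUNTS):
        print(*finding)
```

An "outside-dmz" verdict means the external tier's application files are served from beyond the DMZ, which is the shared-file-system setup the article describes as defeating the second firewall.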

Comments (3)
Hi Murali,
Can we use the same external server for different products like iRecruitment and iSupplier, with different domain names?
Thanks,
Kalpit
Posted by Kalpit | June 19, 2007 4:26 PM
Yes, refer to 217368.1 "Virtual Servers and Port Configuration"
Posted by Murali | June 19, 2007 6:13 PM