Security planning - network topology

Sterling Selling and Fulfillment Foundation is typically implemented as an internal application that is accessible from an Internal Network or across from VPN.

Where is Sterling Selling and Fulfillment Foundation being accessed from?

Regardless of the network, it is strongly recommend that you use SSL to encrypt all the Sterling Selling and Fulfillment Foundation screen requests. SSL processing can be expensive and can add an additional 30% or more processing overhead to each application server transaction. Depending on your transaction volumes, you may want to offload your SSL processing to specialized devices such as an F5 load-balancer with built-in hardware SSL engines.

Accessing over the public internet

If you are accessing Sterling Selling and Fulfillment Foundation over the Public Internet you have to also consider additional security concerns such as denial of service attacks.

Deploying over a virtual private network

If you are deploying Sterling Selling and Fulfillment Foundation over a virtual private network (VPN), the major factor in security and performance is the VPN encryption. Many firewall providers offer encryption and decryption accelerators that can be added directly to their firewalls. Checkpoint's FireWall-1, VPN-1 Accelerator Card II, is an example of this. However, one consideration for purchasing accelerator cards is how many VPN tunnels are needed. You also need to determine if the VPN is being set up for site-to-site implementation or if each individual user opens their own tunnel. If you decide on a site-to-site VPN, typically memory in the firewall is the greatest concern. If each user opens their own tunnel, processor speed is the largest concern.

In many cases the deciding factor is the speed at which your VPN is connected. If you have a T1 line, a single processor machine may suit your needs. If you plan to deploy over a T3 line, you may wish to consider a multiple-processor machine. Most firewall and VPN vendors can help you size the machine you purchase from them for optimal security and performance.

Deploying over a local area network

If you are deploying Sterling Selling and Fulfillment Foundation over a local area network (LAN), performance should not be an issue. We strongly recommend you SSL all Sterling Selling and Fulfillment Foundation screens even on an Internal Network.