7.1.3.7: Demilitarized zone (DMZ) sample topology

A demilitarized zone (DMZ) configuration involves multiple firewalls that add layers of security between the Internet and a company's critical data and business logic. The following figure shows an example of a simple DMZ topology.

The main purpose of a DMZ configuration is to protect the business logic and data in the environment from unauthorized access. A typical DMZ configuration includes:

  • An outer firewall between the public Internet and the Web server or servers processing the requests originating on the company Web site.
  • An inner firewall between the Web server and the application servers to which it is forwarding requests. Company data also resides behind the inner firewall.

The area between the two firewalls gives the DMZ configuration its name. Additional firewalls can further safeguard access to databases holding administrative and application data.

DMZ configurations can be implemented for a wide variety of multi-tiered systems. Article 7.1.4, Firewall and demilitarized zone configurations, compares some DMZ configuration options and can help you to select which one is right for your organization.

Typical use

The advantage of using a DMZ topology is heightened security. Its drawbacks are more complex administration and maintenance. In addition, an administration server often cannot be run on the DMZ node. The firewall is intended to protect the back-end database server from unauthorized access, but it can prevent the administrative server from gaining access to the administrative repository.
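The layering described above, and the reason an administrative server on the DMZ node cannot reach its repository, can be checked mechanically. The following is an added example, not code from the product or its documentation: it models the two firewalls as allow-lists and flags any rule that lets traffic skip a tier. The zone names and port numbers are constructed assumptions.

```python
# Added example. Zone names and port numbers are constructed assumptions.
from collections import deque

# Each firewall is an allow-list of (source zone, destination zone, port);
# anything not listed is denied.
OUTER_FW = {("internet", "dmz", 443)}    # public Internet -> Web server
INNER_FW = {("dmz", "app", 9080)}        # Web server -> application server
BACK_END = {("app", "db", 50000)}        # app server -> database, behind both firewalls

def edges(*rule_sets):
    """Collapse rule sets into a zone graph: source -> set of reachable zones."""
    graph = {}
    for rules in rule_sets:
        for src, dst, _port in rules:
            graph.setdefault(src, set()).add(dst)
    return graph

def paths(graph, start, goal):
    """Return every loop-free zone path from start to goal (breadth-first)."""
    found, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt in path:
                continue
            if nxt == goal:
                found.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return found

def audit(outer, inner, back_end=BACK_END):
    """List rules that break the two-firewall layering described above."""
    findings = []
    for src, dst, port in sorted(outer):
        if (src, dst) != ("internet", "dmz"):
            findings.append(f"outer: {src}->{dst}:{port} bypasses the DMZ")
    for src, dst, port in sorted(inner):
        if src != "dmz":
            findings.append(f"inner: {src}->{dst}:{port} does not originate in the DMZ")
        if dst == "db":
            findings.append(f"inner: {src}->{dst}:{port} exposes the database to the DMZ")
    for path in paths(edges(outer, inner, back_end), "internet", "db"):
        if path[1:3] != ["dmz", "app"]:
            findings.append("path skips a tier: " + " -> ".join(path))
    return findings

if __name__ == "__main__":
    print(audit(OUTER_FW, INNER_FW))                           # clean baseline
    print(audit(OUTER_FW, INNER_FW | {("dmz", "db", 50000)}))  # admin server on DMZ node
```

The second call shows the trade-off from the paragraph above: the rule an administrative server on the DMZ node would need is exactly the one the audit reports as exposing the database.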
