Data grids in the appliance store information that is sensitive and must be protected.
For a secure deployment, use several layers of protection for optimal security. The first element of protection is the use of firewalls to segment the network. The standard tiered model for web applications is composed of web clients, a presentation tier of HTTP servers, an application tier that is composed of application servers, a data tier, and a storage tier.
WebSphere DataPower XC10 Appliances are deployed as part of the data tier. Standard practice is to put the presentation layer servers in a demilitarized zone (DMZ) that is protected by one firewall, and to put the application, data, and storage tiers in network segments that are protected by more firewalls. Do not deploy appliances in a DMZ. You must protect appliances as you protect all other elements of the data tier, according to standard industry practice.
However, for optimal protection against security threats, use a defense-in-depth approach, in which a number of extra measures protect appliance operation and the data that is stored in the data grid. These additional measures not only help in defending against external threats, but also prevent unauthorized data access by employees and contractors who might have access to network segments in which the appliances reside.
The steps in this scenario are done in the web console for WebSphere DataPower XC10 Appliance. Each of these steps can also be automated by calling the HTTP command-line interface from a program. For more information about the HTTP command-line interface, see Configuring Transport Layer Security (TLS) for WebSphere Application Server.