Forum Post: Re: Best practice for deploying webservice with webserver within a DMZ

Status
Not open for further replies.
M

Michael Jacobs

Guest
Hi Mat, There can be multiple approaches, and opinions, regarding what runs in the DMZ and what runs in the inner security zone. Here is my opinion. The thing I would not do is put an AdminServer, AppServer or a db server inside the DMZ. I would keep the AppServer running in the same system as the DB-server inside the internal security zone. The WSA could run in the DMZ if the web server being used is Tomcat, and then make a network connection to the AppServer through the inner security zone's firewall. SSL could be used if the performance #s work just in case where a network monitor can get inserted inside the DMZ. If the web server running in the DMZ is something like Apache httpd or IIS, you could run the WSA ( and its Tomcat server ) in the inner security zone on the same system containing the AppServer and DB, and use a proxy [worker] connection between the web server and the WSA's Tomcat server. NameServers and firewalls can be a problem, so use IP addresses and port #s in your configurations. Others may chime in with their thoughts. Mike J. From: mtugler bounce-mtugler@community.progress.com Reply-To: " TU.OE.Development@community.progress.com " TU.OE.Development@community.progress.com Date: Friday, December 12, 2014 at 3:29 AM To: " TU.OE.Development@community.progress.com " TU.OE.Development@community.progress.com Subject: [Technical Users - OE Development] Best practice for deploying webservice with webserver within a DMZ Best practice for deploying webservice with webserver within a DMZ Thread created by mtugler Hello everybody, For a customer of us, we have to deploy a webservice with following constellation: * Web Server in a DMZ * DB-Server in network What's the best practice for such a deployment / development ? Where should be installed which component ? Normally (without any DMZ), State-Free AppServer & WSA are installed on the DB-Server but I think that with a DMZ, this is different. Many thanks in advance. Kind regards, Mat Stop receiving emails on this subject. Flag this post as spam/abuse.

Continue reading...
 
Status
Not open for further replies.

Similar threads

R
  • Locked
[Progress Communities] [Progress OpenEdge ABL] Forum Post: Best Security Practice of PASOE REST Service Behind Web Application Firewall
Replies
0
Views
228
randyer
R
T
  • Locked
[Progress Communities] [Progress OpenEdge ABL] Forum Post: RE: Need Help with deployment of WAR File
Replies
0
Views
594
Tim Hutchens
T
D
  • Locked
[Progress Communities] [Progress OpenEdge ABL] Forum Post: RE: Bulk insert into OpenEdge database table
Replies
0
Views
390
dbeavon
D
A
  • Locked
[Progress News] [Progress OpenEdge ABL] Content Promotion in Sitefinity: Best Practices Setting Up and Operating SiteSync
Replies
0
Views
1K
Anton Tenev
A
D
  • Locked
[Progress Communities] [Progress OpenEdge ABL] Forum Post: RE: PASOE error 18318 and 18320 in log file - connection timeout
Replies
0
Views
767
dbeavon
D
Top