InfoCenter Home > 7.1.3.7: Demilitarized zone (DMZ) sample topologyA demilitarized zone (DMZ) configuration involves multiple firewalls that add layers of security between the Internet and a company's critical data and business logic. The following figure shows an example of a simple DMZ topology.
The main purpose of a DMZ configuration is to protect the business logic and data in the environment from unauthorized access. A typical DMZ configuration includes:
The area between the two firewalls gives the DMZ configuration its name. Additional firewalls can further safeguard access to databases holding administrative and application data. DMZ configurations can be implemented for a wide variety of multi-tiered systems. Article 7.1.4, Firewall and demilitarized zone configurations, compares some DMZ configuration options and can help you to select which one is right for your organization. Typical useThe advantage of using a DMZ topology is heightened security. Its drawbacks are more complex administration and maintenance. In addition, an administration server often cannot be run on the DMZ node. The firewall is intended to protect the back-end database server from unauthorized access, but it can prevent the administrative server from gaining access to the administrative repository. |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|