Demilitarized Zone (DMZ) |
 |
 Posted: 2009-10-26 | Type: IT infrastructure 9948 views | 6 comments | category: Business Process Management |
|
| Which presentation starting at 2.45pm on Tuesday at ProcessWorld should I cover? | ||
| Group: We Love BPM Posted: 2011-05-20 1966 views | 1 comments | |
| Which presentation starting at 1.30pm on Tuesday at ProcessWorld should I cover? | ||
| Group: We Love BPM Posted: 2011-05-20 2513 views | 1 comments | |
| Which presentation starting at 11am on Tuesday at ProcessWorld should I cover? | ||
| Group: We Love BPM Posted: 2011-05-20 2770 views | 1 comments | |
| About BPMN 2 as interface between ARIS and webMethods | ||
| Group: ARIS BPM Blog Posted: 2011-04-29 4131 views | 2 comments | |
| April Fool's: ARIS will phase-out EPC: migrate to BPMN 2 now! | ||
| Group: ARIS BPM Blog Posted: 2011-04-01 6742 views | 13 comments | |
| Software AG beats Oracle, Accenture and Wipro in BusinessWeek Hot Tech 50 | ||
| Group: ARIS BPM Blog Posted: 2011-02-16 5076 views | 0 comments | |
| How to embed an ARIS Community model into your page | ||
| Group: ARIS BPM Blog Posted: 2011-02-02 8587 views | 8 comments | |
| Is BPM just a bunch of projects? | ||
| Group: ARIS BPM Blog Posted: 2011-01-21 3742 views | 12 comments | |
| Family Tree of British Royals | ||
| Group: BPM is fun Posted: 2010-10-15 Type: General diagram | |
| Commercial use of ARIS Express? Yes you can! | ||
| Group: ARIS BPM Blog Posted: 2010-09-29 5993 views | 15 comments | |
| Comments |
It’s good that you've depicted only public FTP and public WEB services in DMZ, cause, these services are really placed in DMZ. But there are exceptions like MS Exchange Server. A lot of IT specialists build mail service of company with Exchange Servers placed in LAN area. They just open some ports to realize access to mail protocols from WAN (especially from Internet). Today there are a lot of discussions on this theme :) Somehow it’s own decision of each IT specialist.
Sebastian, do you have a wish to represent case when we have VPN connections to corporate network? I want to see it, it’s very interesting.
- Login or register to post comments
Hi Henry,
you are raising an important point with VPN. A VPN must be accessible for the public. Therefore, the VPN server must be located in the DMZ. I have updated the diagram to reflect this. I used a "network device" for the VPN Server, because today VPN servers are appliances, which you can directly integrate in your network.
In the updated diagram, the VPN is the only way to handle incoming connections to the LAN. Outgoing connections from the LAN do not need to go through the VPN server.
Does that make sense or would you model it in a different way?
Your model is very safe model. But, actually, I think, it’s realized in huge companies where prohibited full access to LAN area. But in small companies and in home solutions there is simpler construction…
VPN server is placed inside of LAN area, because it’s used just for unrestricted access to services inside LAN.
Technical realization: in this case we should open and redirect the port 1723 on firewall to forward packets from WAN to VPN Server.
But I have next question to you…
If I want to depict VPN Server on diagram as software solution (not hardware), what kind of rectangle should I take? Is it “IT system”?
Hi Henry,
there are different ways to model it. If you want to depict your VPN Server as a software solution, you would use IT system. If important, you would put it on a hardware.
Regards,
Sebastian
Ooh, yes, I had same supposition.
Thank you for help and confirmation of my guess.
