Siebel Security Guide > About Security for Siebel Business Applications > Siebel Security Architecture >

Secure Physical Deployment to Prevent Intrusion

Access to the physical devices that host Siebel Business Applications must be protected. If these devices are compromised, then the security of all applications on the computer is at risk. Utilities that provide computer-level security, by either enforcing computer passwords or encrypting the computer hard drive, can be used and are transparent to the Siebel application.

In Siebel application deployments, the Web server resides in the demilitarized zone (DMZ). Clients outside the firewall access the Web server and the Siebel Server through a secure connection.

• In employee application deployment, clients as well as servers often reside behind a firewall.
• In customer or partner application deployment, or in employee application deployment where employees accessing the application are outside of the firewall, the Siebel Server is deployed behind an additional firewall.

Siebel Business Applications also support reverse proxy configuration to further enhance the DMZ security. Increasingly, firewall vendors offer virtual private network (VPN) capabilities. VPNs provide a protected means of connecting to the Siebel application for users (such as employees) who require remote access.

Siebel Business Applications work with leading third-party vendors to provide additional physical security measures, such as attack prevention, data back-up, and disaster recovery. For example, HTTP load balancing protects against denial-of-service attacks by handling TCP connections and catching incoming attacks before they reach the Siebel Server. Furthermore, only one IP address and one port have to be opened on the firewall between the Web server and the Siebel Server.

The architecture of Siebel Business Applications takes advantage of high availability technologies, such as Microsoft Cluster Services, which allow multiple computers to function as one by spreading the load across multiple systems. High availability technologies address the need for failover and catastrophic recovery management. For more information, see Siebel Deployment Planning Guide. For information about security issues related to the physical deployment of Siebel components, see Siebel Security Hardening Guide.