Another way to represent the components of a logical architecture is to place them in access zones that show how the architecture provides secure access. The following figure illustrates access zones for deploying Java Enterprise System components. Each access zone shows how components provide secure remote access to and from the Internet and intranet.
The following table describes the access zones depicted in Access Zones.
Table 4–6 Secure Access Zones and Components Placed Within Them
Access Zone |
Description |
---|---|
Access to the Internet through policies enforced by a firewall between the intranet and the Internet. The Internal access zone is typically used by end users for web browsing and for sending email. In some cases, direct access to the Internet for web-browsing is allowed. However, typically secure access to and from the Internet is provided through the external access zone. |
|
Provides secure access to and from the Internet, acting as a security buffer to critical back-end services. |
|
Provides restricted access to critical back-end services, which can only be accessed from the external access zone. |
Access Zones does not illustrate the logical tiers depicted in the previous examples, but instead focuses on which components provide remote and internal access, the relationship of these components to security measures such as firewalls, and a visual depiction of access rules that must be enforced. Use the multi-tier architecture design in combination with the design showing access zones to provide a logical model of your planned deployment.