1.5 Recommended Deployment Configurations

This section describes recommended architectures for deploying Oracle products with secure Internet access.

Figure 1.1, “Simple Firewall Deployment Configuration” shows a simple deployment architecture.

Figure 1.1 Simple Firewall Deployment Configuration

The diagram shows a single system that is isolated from the Internet by a single firewall.


This single-computer deployment may be cost effective for small organizations. However, it cannot provide high availability because all components are stored on the same computer.

Figure 1.2, “DMZ Deployment Configuration” shows the recommended configuration, which uses the well-known and generally accepted Internet-Firewall-DMZ-Firewall-Intranet architecture.

Figure 1.2 DMZ Deployment Configuration

The diagram shows a DMZ server that is isolated by firewalls from both the Internet and the intranet, and which acts a buffer between them.


A demilitarized zone (DMZ) refers to a server that is isolated by firewalls from both the Internet and the intranet, and which acts a buffer between them. The firewalls that separate DMZ zones provide two essential functions: