Oracle® Application Server Enterprise Deployment Guide
10g Release 3 (10.1.3) B25210-02
This chapter introduces Enterprise Deployment concepts, and summarizes the benefits provided by the Oracle Application Server Enterprise Deployment configurations described in other chapters of this guide. It contains the following topics:
Section 1.1, "What is an Enterprise Deployment?"
Section 1.2, "Benefits of the Oracle Application Server Enterprise Deployment Configurations"
An enterprise deployment is one of the Oracle Application Server configurations described in this guide, designed to support large-scale, mission-critical business software applications. The hardware and software in an Enterprise Deployment configuration deliver:
High quality service
The system workload is managed and balanced effectively
Applications continue to operate when resources are added or removed
System maintenance and unexpected failures cause zero downtime
All incoming network traffic is received by the load balancing router on a single, secure port and directed to internal IP addresses within the firewall; inside the firewall, functional components are grouped within DMZs
User accounts are provisioned and managed centrally
Security systems are integrated
Administrative access is isolated
Efficient software provisioning and management
Application distribution is simple
Systems are managed and monitored as one logical unit in a central console
Death detection and restart mechanisms ensure availability
The Oracle Application Server configurations discussed in this guide are designed to ensure security of all transactions, maximize hardware resources, and provide a reliable, standards-compliant system for enterprise computing with a variety of applications. This section describes the security and high availability benefits of the Oracle Application Server configurations and how they are achieved.
The Enterprise Deployment architectures are secure because every functional group of software components is isolated in its own DMZ, and all traffic is restricted by protocol and port. The following characteristics ensure security at all needed levels, as well as a high level of compliance with standards:
All external communication received on port 80 is redirected to port 443.
Communication from external clients does not go beyond the Load Balancing Router level.
No direct communication from the Load Balancing Router to the Data tier DMZ is allowed.
Components are separated between DMZs on the Web Tier, Application Tier, and the Data Tier.
Direct communication between two firewalls at any one time is prohibited.
If a communication begins in one firewall zone, it must end in the next firewall zone.
Oracle Internet Directory is isolated in the Data tier DMZ.
Identity Management components are in the DMZ.
All communication between components across DMZs is restricted by port and protocol, according to firewall rules.
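The characteristics above can be checked mechanically against a firewall rule set. The following is an added example, not part of the Oracle guide: a Python audit of a constructed rule list. The zone names, the rule dictionary format, the `redirect-443` action label and the sample ports are assumptions, and "the next firewall zone" is read here as the adjacent zone inward.

```python
# Added example: zone names, rule format and sample values are assumptions
# made for illustration; this is not Oracle configuration syntax.
ZONES = ["external", "lbr", "web", "app", "data"]  # outermost to innermost


def audit(rules):
    """Return (rule_index, finding) pairs for rules that break the zone model."""
    findings = []
    for i, r in enumerate(rules):
        src, dst = ZONES.index(r["src"]), ZONES.index(r["dst"])
        if src == dst:
            continue  # intra-zone traffic does not cross a firewall
        proto, port = r.get("proto"), r.get("port")
        # Traffic across DMZs must be restricted by protocol and port.
        if proto in (None, "any") or port in (None, "any"):
            findings.append((i, "protocol and port must be explicit"))
        # Communication that begins in one zone must end in the next zone.
        if dst != src + 1:
            findings.append((i, f"{r['src']} -> {r['dst']} is not the next zone"))
        # External clients stop at the load balancer: 443, or 80 redirected to 443.
        elif r["src"] == "external":
            redirected = port == 80 and r.get("action") == "redirect-443"
            if proto != "tcp" or not (port == 443 or redirected):
                findings.append((i, "external traffic must use 443 or redirect 80 to 443"))
    return findings


# Constructed sample rule set (ports are illustrative only).
SAMPLE_RULES = [
    {"src": "external", "dst": "lbr", "proto": "tcp", "port": 443},
    {"src": "external", "dst": "lbr", "proto": "tcp", "port": 80,
     "action": "redirect-443"},
    {"src": "lbr", "dst": "web", "proto": "tcp", "port": 7777},
    {"src": "web", "dst": "app", "proto": "tcp", "port": "any"},      # unrestricted port
    {"src": "lbr", "dst": "data", "proto": "tcp", "port": 1521},      # LBR reaching Data tier
    {"src": "external", "dst": "web", "proto": "tcp", "port": 443},   # bypasses the LBR
]

if __name__ == "__main__":
    for index, finding in audit(SAMPLE_RULES):
        print(f"rule {index}: {finding}")
```

Run against an exported rule list, the audit flags any rule that lets traffic skip a tier or cross a DMZ boundary without a fixed protocol and port.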