Siebel Security Guide > Physical Deployment and Auditing >

Role of Siebel Server Load Balancing in Network Security

You can load-balance your Siebel Servers, using either Siebel load balancing or a third-party HTTP load balancer.

A third-party load balancer typically can provide additional security features, such as limiting TCP port exposure to a single port for multiple Siebel Servers. Single-port exposure allows you to consolidate network access for better port monitoring and security. It also provides simplified firewall configuration. You only have to configure one virtual port, not many.

Additional security features provided by most third-party load balancers include:

• Denial of Service (DoS) Attack prevention. In a DoS attack, a third-party HTTP load balancer helps handle the TCP connections. Incoming attacks can be caught at the load balancer before they ever reach the Siebel Server. A third-party HTTP load balancer typically has a built-in mechanism to stop DoS attacks at the point of entry.
• Virtual IP (VIP) addressing. A third-party HTTP load balancer uses VIP addressing to shield hackers from accessing Siebel Servers directly. Because a VIP is an IP alias, no physical addresses are ever exposed. Web servers in the DMZ communicate with the VIP only.
• TCP handshake protection. The TCP handshake is replayed from the third-party HTTP load balancer to the Siebel Server rather than directly from the Web server to the Siebel Server.

For information on configuring load balancing for your Siebel deployment, see Siebel System Administration Guide and the Siebel Installation Guide for the operating system you are using.