Bookshelf Home | Contents | Index | Search | PDF

Security Guide for Siebel eBusiness Applications > Physical Deployment and Auditing > Firewall Support >

Recommended Placement for Firewalls

---

This section describes a placement of firewalls with respect to Siebel network components. A Siebel network typically has four zones:

The Internet zone where Web Clients reside.
The Web Server zone where Siebel Web servers and Web server load balancers reside. Sometimes called the DMZ (demilitarized zone), this zone is where the external network first interacts with the Siebel environment.
The Siebel Server zone (sometimes called the application server zone): components that reside inside this zone include Siebel Servers, the Siebel Gateway, a connection broker (such as Resonate Central Dispatch scheduler), and the authentication server.
The Data Server zone where the Siebel Database and Siebel File System and Database Server reside. Typically, this is where the most critical corporate assets reside. Access to this zone should be limited to authorized application administrators and database administrators only.

Siebel network architecture allows you to install firewalls between each of these zones. However, for optimum performance, it is not recommended to install a firewall between the Siebel Server zone and the Data Server zone, or between the Siebel Database and the Siebel Database Server. Figure 5 shows the recommended placement for firewalls in Siebel networks.

Figure 5.  Firewalls in Siebel Networks

For additional security, it is recommended to install an additional Web server to act as a proxy to handle traffic between the Web Clients and the Web server that contains the Siebel Web Server Extension (SWSE).

Bookshelf Home | Contents | Index | Search | PDF