Recommended Network Topologies

This topic describes the recommended topologies for two different deployments of Siebel Business Applications:
Network Configuration for Medium-Scale Deployments of Siebel Business Applications

Figure 3 shows the recommended placement of firewalls and related Siebel Enterprise Server components in a small or medium-scale Siebel Business Applications deployment with internal and external users. The Siebel network configuration for a medium-scale secure deployment is as follows:
The network configuration approach illustrated in Figure 3 follows a defense-in-depth strategy by placing firewalls between the zones of control, with only the appropriate ports open. Transport Layer Security (TLS) provides a secure channel between the external Web clients and the Web server, protecting traffic that crosses the insecure Internet.

Network Configuration for Large-Scale Siebel Deployments

Figure 4 shows the recommended placement of firewalls and related Siebel Enterprise Server components in a large-scale, secure Siebel Business Applications deployment with internal and external users. The Siebel network configuration for a large-scale secure deployment is as follows:
If you are using a centralized authentication and authorization system, then it is recommended to put a read-only replica of the authentication and authorization information in a database close to the reverse-proxy server in the demilitarized zone. (Determine whether or not to make a copy of the authentication database available in the demilitarized zone according to the sensitivity of your data.) Encrypt communications and information between the reverse-proxy server and the authentication database. Using a replica database of the authentication information reduces the amount of traffic and firewall rules between the reverse-proxy server and the internal authentication and authorization servers. The centralized authentication system pushes the policies and rules to the replica database, and then the reverse-proxy server communicates with it. Although this type of configuration does not improve security, it improves application availability and performance. Availability is considered a part of security.
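One way to check a planned rule set against the replica layout described above (an added example, not part of the Oracle guide): the audit flags proxy-to-replica flows that are not encrypted, writes to the replica from anything other than the central system, and DMZ hosts that initiate flows to the internal authentication server. The role names, ports, sample flows, and the strict push-only policy are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical role names and zones; the guide does not name hosts or ports.
ZONE = {"reverse-proxy": "dmz", "auth-replica": "dmz", "central-auth": "internal"}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    encrypted: bool
    access: str  # "read" or "write"

def audit(flows):
    """Return (flow, reason) findings for flows that break the replica layout."""
    findings = []
    for f in flows:
        if f.src not in ZONE or f.dst not in ZONE:
            findings.append((f, "unknown role, cannot place in a zone"))
            continue
        # Assumed policy: the central system pushes, so DMZ hosts never
        # initiate a connection to the internal authentication server.
        if ZONE[f.src] == "dmz" and f.dst == "central-auth":
            findings.append((f, "DMZ host initiates a flow to internal auth"))
        # The guide requires encryption between the proxy and the replica.
        if (f.src, f.dst) == ("reverse-proxy", "auth-replica") and not f.encrypted:
            findings.append((f, "proxy-to-replica flow is not encrypted"))
        # The replica is read-only for everything except the central push.
        if f.dst == "auth-replica" and f.access == "write" and f.src != "central-auth":
            findings.append((f, "only central-auth may write to the replica"))
    return findings

# Constructed sample rule set (ports are illustrative, not from the guide).
SAMPLE_FLOWS = [
    Flow("reverse-proxy", "auth-replica", 636, True, "read"),   # intended lookup
    Flow("central-auth", "auth-replica", 636, True, "write"),   # policy push
    Flow("reverse-proxy", "auth-replica", 389, False, "read"),  # cleartext lookup
    Flow("reverse-proxy", "central-auth", 636, True, "read"),   # bypasses replica
    Flow("reverse-proxy", "auth-replica", 636, True, "write"),  # replica writable
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.port} ({flow.access}): {reason}")
```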
Siebel Security Hardening Guide | Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.