Bookshelf Home | Contents | Index | PDF     

Siebel Security Hardening Guide > Securing the Network and Infrastructure > About Securing the Network Infrastructure >

Load Balancers

You can balance loads on your Siebel Servers using native Siebel load balancing or a third-party HTTP load balancer. Using HTTP load balancing distributes incoming network traffic over several servers.

A third-party load balancer typically can provide additional security features, such as limiting TCP port exposure to a single port for multiple Siebel Servers. Single-port exposure allows you to consolidate network access for better port monitoring and security. It also provides simplified firewall configuration. You have to configure only one virtual port.

Additional security features provided by most third-party load balancers include:

  • Denial of service (DoS) attack prevention. In a DoS attack, a third-party HTTP load balancer helps handle the TCP connections. Incoming attacks can be caught at the load balancer before they reach the Siebel Server. A third-party HTTP load balancer typically has a built-in mechanism to stop DoS attacks at the point of entry.
  • Virtual Internet Protocol (VIP) addressing. A third-party HTTP load balancer uses VIP addressing. Unlike an IP address, a VIP address is not associated with a specific device in a network, so VIP addressing helps prevent hackers from accessing Siebel Servers directly. Web servers in the demilitarized zone communicate with the VIP only.
  • TCP handshake protection. The TCP handshake is replayed from the third-party HTTP load balancer to the Siebel Server rather than directly from the Web server in the demilitarized zone to the Siebel Server. This helps prevent attacks in which the TCP handshake is intercepted and redirected, for example, a SYN flood DoS attack.

When installing Siebel Business Applications, if you are using Siebel Server or third-party HTTP load balancers, then plan the use of TCP ports for firewall access:

  • If Siebel load balancing is used, then make sure the Web server can access the SCBroker port on each Siebel server.
  • If a third-party load balancer is used, then make sure the Web server can communicate with the VIP addresses and ports specified in the load balancer.

For information on the default port allocations used by Siebel Business Applications, see Default Port Allocations.

    
Siebel Security Hardening Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.