Bookshelf Home | Contents | Index | PDF |
Siebel Security Hardening Guide > Securing the Network and Infrastructure > About Securing the Network Infrastructure > Proxy ServersSiebel Business Applications support the use of both forward and reverse-proxy servers within a deployment. Using proxy servers enhances security by preventing direct access to servers from the Internet. Forward Proxy ServersForward proxy servers are generally used to provide Web access to the Internet for client computers when direct routing is not possible, either because it is forbidden by policy or by the network implementation. Forward proxy servers are therefore part of the client security infrastructure. They are also sometimes used by Internet service providers for caching. Reverse Proxy ServersA reverse-proxy server acts as an intermediary to prevent direct connections from clients to Web servers. A reverse-proxy server shields internal IP addresses from users by rewriting the IP addresses of the Web servers so that the Web server IP addresses are not revealed to the user. Additionally, the reverse proxy server can cache data closer to end users, thereby improving performance. Reverse-proxy servers provide an additional layer of security by helping protect the Web server from direct external attacks, but do not directly help secure the Web application. To handle traffic between the external Siebel Web clients and the Web server that contains the SWSE, install a reverse-proxy server in the demilitarized zone (see Figure 2). The Web server and SWSE can then be moved behind a firewall into a separate zone or into the intranet zone. Customer applications, which use standard interactivity, commonly are deployed with reverse proxy servers. Employee applications, which use high interactivity, can also be deployed with reverse proxy servers. If you deploy applications that use high interactivity with a reverse proxy server or a Web server load balancer, then note the following considerations:
|
Siebel Security Hardening Guide | Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices. | |