Two-Tier Architecture
In a two-tier architecture, the portal is in a demilitarized zone (DMZ), while Service Provider remains secure within the enterprise. The portal accesses Service Provider over SPML or with a RemoteContext.
Implementing a two-tier architecture means you must take additional security precautions. It is recommended that you perform the following steps to secure your network:
-
Install a firewall between the portal server and the Service Provider server.
-
Use either HTTPS or HTTP in conjunction with SSL for communications between the servers. This is especially true if Service Provider resides in an untrusted domain.
-
Restrict the IP addresses that the portal server and Service Provider server can use to communicate.
The following diagram illustrates how Service Provider can be implemented in a two-tier architecture.
Figure 2–2 Two-Tier Architecture with a Custom User Interface
- © 2010, Oracle Corporation and/or its affiliates