Sun Java Enterprise System Deployment Planning Guide

Access Zones

Another way to represent the components of a logical architecture is to place them in access zones that show how the architecture provides secure access. The following figure illustrates access zones for deploying Java Enterprise System components. Each access zone shows how components provide secure remote access to and from the Internet and intranet.

Figure 4–5 Logical Components Placed in Access Zones

Diagram showing the placement of Java ES components within secure
access zones.

The following table describes the access zones depicted in Access Zones.

Table 4–6 Secure Access Zones and Components Placed Within Them


Access Zone	Description
Internal access zone(Intranet)	Access to the Internet through policies enforced by a firewall between the intranet and the Internet. The Internal access zone is typically used by end users for web browsing and for sending email. In some cases, direct access to the Internet for web-browsing is allowed. However, typically secure access to and from the Internet is provided through the external access zone.
External access zone(DMZ)	Provides secure access to and from the Internet, acting as a security buffer to critical back-end services.
Secure access zone(Back-end)	Provides restricted access to critical back-end services, which can only be accessed from the external access zone.

Access Zones does not illustrate the logical tiers depicted in the previous examples, but instead focuses on which components provide remote and internal access, the relationship of these components to security measures such as firewalls, and a visual depiction of access rules that must be enforced. Use the multi-tier architecture design in combination with the design showing access zones to provide a logical model of your planned deployment.