Recommended Deployment Configurations

This section describes recommended deployment configurations for Simphony.

The Simphony product is deployed on a cluster of servers. The simplest deployment architecture is the Server-Oriented Architecture (SOA) shown in Overview of Simphony Security.

The general architectural recommendation is to use the well-known and generally accepted Internet-Firewall-DMZ-Firewall-Intranet architecture shown in the following figure.

Figure 1-2 Traditional DMZ

This figure shows the Traditional DMZ view.

The term demilitarized zone (DMZ) refers to a server that is isolated by firewalls from both the Internet and the intranet, thus forming a buffer between the two. Firewalls separating DMZ zones provide two essential functions:

Blocking any traffic types that are known to be illegal
Providing intrusion containment, should successful intrusions take over processes or processors

See Port Numbers in Appendix A for more information about Simphony network port usage.