Network Security in OHI Environment

When deploying OHI Components applications onto a network there are many security issues to take into consideration, especially the use of firewall and VPN technologies. A firewall will permit or deny network permissions based on configured rules, to protect the internal network from malicious actions while permitting legitimate communications.

Firewalls perform the following functions in a typical OHI environment:

  • Guard the company Intranet from unauthorized outside access.

  • Separate Intranet users accessing the OHI system from internal subnetworks where critical corporate information and services reside.

  • Protect from IP spoofing and routing threats.

  • Prohibit unauthorized users from accessing protected networks and control access to restricted services.

  • Throttle requests / apply rate limiting.

  • Act as Web Application Firewall protecting against malicious requests.

image

A typical OHI Components environment usually has the following security zones:

  • Internet - External web service clients may come from outside of the company network.

  • Intranet - A company network separated by the external firewall that gives remote workers access to the OHI user interface. This is also where OHI web servers and / or load balancers may be placed. Alternatively, for additional protection, web and load balancing servers may be placed in a separate demilitarized zone (DMZ) where external and internal clients first interact with the OHI environment.

  • OHI application server and database zone - OHI application servers, database servers and possibly authentication servers (for example, if a customer chooses to delegate authentication using LDAP servers) typically reside in this zone.

Ensure that the firewalls used to secure an OHI environment support the HTTP 1.1 protocol; it enables browser cookies and inline data compression for improved performance.