DMZ with Two Firewall Configuration
9.5.2 Additional Security for Shared Databases
If you use a single database that supports both internal data and data for externally-available Web applications, you should consider placing a hard boundary between the object layer that accesses your database. Doing so simply reinforces the DMZ boundaries described in Section 9.5.1, Basic Firewall for Proxy Architectures, by adding an additional firewall.9.5.2.1 DMZ with Two Firewall Configuration
The configuration shown in Figure 9–10 places an additional firewall in front of a database server that is shared by the Web application and internal trusted clients. This configuration provides additional security in the unlikely event that the first firewall is breached, and a hacker ultimately gains access to servers hosting the object tier. Note that this circumstance should be extremely unlikely in a production environment—your site should have the capability to detect and stop a malicious break-in long before a hacker gains access to machines in the object layer. Cluster Architectures 9-17 Figure 9–10 DMZ with Two Firewalls Architecture In the above configuration, the boundary between the object tier and the database is hardened using an additional firewall. The firewall maintains a strict application-level policy that denies access to all connections except JDBC connections from WebLogic Servers hosting the object tier. 9-18 Using Clusters for Oracle WebLogic Server 10 Setting up WebLogic Clusters 10-1 10 Setting up WebLogic Clusters The following sections contain guidelines and instructions for configuring a WebLogic Server cluster: ■ Section 10.1, Before You Start ■ Section 10.2, Cluster Implementation Procedures10.1 Before You Start
This section summarizes prerequisite tasks and information for setting up a WebLogic Server cluster.10.1.1 Understand the Configuration Process
The information in this section will be most useful to you if you have a basic understanding of the cluster configuration process and how configuration tasks are accomplished. For information about the configuration facilities available in WebLogic Server and the tasks they support, see Section 4, Understanding Cluster Configuration.10.1.2 Determine Your Cluster Architecture
Determine what cluster architecture best suits your needs. Key architectural decisions include: ■ Should you combine all application tiers in a single cluster or segment your application tiers in separate clusters? ■ How will you balance the load among server instances in your cluster? Will you: – Use basic WebLogic Server load balancing, – Implement a third-party load balancer, or – Deploy the Web tier of your application on one or more secondary HTTP servers, and proxy requests to it? ■ Should you define your Web applications De-Militarized Zone DMZ with one or more firewalls? To guide these decisions, see Section 9, Cluster Architectures, and Section 5, Load Balancing in a Cluster. The architecture you choose affects how you set up your cluster. The cluster architecture may also require that you install or configure other resources, such as load balancers, HTTP servers, and proxy plug-ins.Parts
» Oracle Fusion Middleware Online Documentation Library
» Document Scope and Audience Guide to this Document
» What Are the Benefits of Clustering? What Are the Key Capabilities of a Cluster?
» Servlets and JSPs EJBs and RMI Objects
» Getting Connections with Clustered JDBC Failover and Load Balancing for JDBC Connections
» Pure-Java Versus Native Socket Reader Implementations
» Client Communication via Sockets
» How WebLogic Server Creates the Cluster-Wide JNDI Tree
» How WebLogic Server Updates the JNDI Tree Client Interaction with the Cluster-Wide JNDI Tree
» Load Balancer Configuration Requirements Load Balancers and the WebLogic Session Cookie
» Related Programming Considerations How Session Connection and Failover Works with a Load Balancer
» Round-Robin Load Balancing Weight-Based Load Balancing
» Transactional Collocation Optimization for Collocated Objects
» Methods of Configuring Clusters Load Balancing for JDBC Connections
» Using Replication Groups HTTP Session State Replication
» Connection with Load Balancing Hardware Failover with Load Balancing Hardware
» Configuration Requirements for Cross-Cluster Replication
» Configuring Session State Replication Across Clusters
» Clustering Objects with Replica-Aware Stubs
» Failover and JDBC Connections Understanding Server and Service Migration
» Migration Terminology Oracle Fusion Middleware Online Documentation Library
» Features That Use Leasing Leasing Versions
» Determining Which Type of Leasing To Use High-availability Database Leasing
» Non-database Consensus Leasing Leasing
» Preparing for Automatic Whole Server Migration
» Configuring Automatic Whole Server Migration
» Startup Process in a Cluster with Migratable Servers
» Automatic Whole Server Migration Process
» Manual Whole Server Migration Process Administration Server Role in Whole Server Migration
» Migratable Server Behavior in a Cluster Node Manager Role in Whole Server Migration
» Cluster Master Role in Whole Server Migration
» JMS-related Services JTA Transaction Recovery Service
» Custom Store Availability for JMS Services Default File Store Availability for JTA
» Best Practices for Targeting JMS when Configuring Automatic Service Migration
» Architecture Web Application Tiers
» Combined Tier Architecture De-Militarized Zone DMZ Load Balancer Proxy Plug-In
» No Collocation Optimization Firewall Restrictions
» Multi-Tier Proxy Architecture Proxy Architecture Benefits Proxy Architecture Limitations
» Proxy Plug-In Versus Load Balancer
» DMZ with Two Firewall Configuration
» Dynamic Cluster Address If you do not explicitly define a cluster address
» Configuration Roadmap Install WebLogic Server
» Starting a WebLogic Server Cluster
» Configure Node Manager Configure Load Balancing Method for EJBs and RMIs
» Sample web.xml This section contains a sample deployment descriptor file
» Accessing Applications Via the Proxy Server Ensure that applications clients will
» Configure Replication Groups Configure Migratable Targets for Pinned Services
» Migrating When the Currently Active Host is Unavailable Use this migration
» Configure Multicast Time-To-Live TTL Configure Multicast Buffer Size
» Cluster-Related Configuration Options Follow Usage and Configuration Guidelines
» Manual Migration of the JTA Transaction Recovery Service State Management in a Cluster
» Naming Considerations Administration Server Considerations
» Firewall Considerations Avoiding Problems
» Check the Server Version Numbers Check the Multicast Address Check the CLASSPATH Value
Show more