Cluster Topology and Firewalls
The topology of a Web site has implications for using Application Center, because you must accommodate for cross-firewall communication. This section covers some of the many potential topologies that Application Center can employ.
In this example, the internal network is protected by Firewall A. Administration for this topology is straightforward—staging and deployment do not require communication through a firewall. However, a hacker breaking through this layer would be free to cause unlimited damage. In this topology, the database, which might hold sensitive customer information, is particularly exposed.
For further protection, you can add a second firewall to provide the commonly used topology described in "Example 2."
In this example, Firewall A acts as it did in "Example 1." Firewall B provides protection by further limiting access to the database and stager. Typically, this is achieved by allowing the cluster members access through Firewall B only. Traffic originating from the Internet is denied access, even though it has successfully negotiated Firewall A. The area in which the Application Center cluster resides in the perimeter network (also known as DMZ or demilitarized zone). Even if the perimeter network is compromised—for example, as a result of a Trojan Horse attack—the database and other sensitive data that resides in the internal network is still secured by Firewall B.
In this example, Component Load Balancing (CLB) is used to enhance Web site security, which is a common scenario. When used as the means to access data, COM+ components can use their role-based, or programmatic, security mechanisms to safeguard data. Potentially, this could be compromised if the components are placed on the Web-tier cluster. Calls received by the Web-tier cluster might come from an untrustworthy client looking to take illegal advantage of the COM+ components installed on the cluster member. Use CLB to avoid this by moving the COM+ components off the Web-tier cluster onto a firewall-protected COM+ cluster. The firewall allows components to be created only from calls that have originated within the Web-tier cluster and not from the client.
Did you find this information useful? Please send your suggestions and comments about the documentation to