DMZ security involves controlling Internet traffic to private networks by installing a Relay Server between your inner and outer firewalls.
The outer firewall has HTTP and HTTPS ports open to allow client Internet traffic to reach the Relay Server.
Relay Server as Firewall Protection
The Relay Server is a pair of Web server plug-ins, which you can install on an Internet Information Service (IIS) server on Windows, or on the Apache Web server on Linux.
RSOE as the Unwired Server Protection
One RSOE process is installed in each Unwired Server cluster member, in front of each synchronization subcomponent that communicates with a client. Replication service components and messaging service components both use RSOEs attached to their communication ports.
Relay Server and RSOE Communication Security
The RSOE runs on the same computer as an Unwired Server and is configured with the address of a Relay Server (the inner firewall is open to outgoing traffic, but not incoming traffic).
Configuring Connection Properties for Relay Server Components
In most highly available deployments, you configure both Relay Server and RSOE to use HTTP when connecting to Unwired Server on the corporate LAN. In more specialized, less available deployments (for example, where BES is inside the corporate LAN and is configured to connect directly to Unwired Server without any load-balancing by Relay Server), use HTTPS.
Created February 17, 2012.To comment on this topic, go to:
DocCommentXchange.