DMZ Security

DMZ security involves controlling Internet traffic to private networks by installing a Relay Server between your inner and outer firewalls.

The outer firewall has HTTP and HTTPS ports open to allow client Internet traffic to reach the Relay Server.

DMZ Security

• Relay Server as Firewall Protection
  The Relay Server is a pair of Web server plug-ins, which you can install on an Internet Information Service (IIS) server on Windows, or on the Apache Web server on Linux.
• RSOE as the SAP Mobile Server Protection
  One RSOE process is installed in each SAP Mobile Server cluster member, in front of each synchronization subcomponent that communicates with a client. Replication service components and messaging service components both use RSOEs attached to their communication ports.
• Relay Server and RSOE Communication Security
  The RSOE runs on the same computer as an SAP Mobile Server and is configured with the address of a Relay Server (the inner firewall is open to outgoing traffic, but not incoming traffic).
• Configuring Connection Properties for Relay Server Components
  In most highly available deployments, you configure both Relay Server and RSOE to use HTTP when connecting to SAP Mobile Server on the corporate LAN. In more specialized, less available deployments (for example, where BES is inside the corporate LAN and is configured to connect directly to SAP Mobile Server without any load-balancing by Relay Server), use HTTPS.