Sun Microsystems 2005Q1 Server User Manual


 
Designing SRA Deployment Scenarios
116 Portal Server 6 2005Q1 Deployment Planning Guide
The disadvantage of this configuration is that multiple ports need to be opened in
the second firewall for each connection request. This could cause security
problems.
Netlet and Rewriter Proxies
Figure 5-14 shows a configuration with a Netlet Proxy and a Rewriter Proxy on the
intranet. With these proxies, only two open ports are necessary in the second
firewall.
The Gateway no longer needs to contact the application hosts directly. Instead, it forwards
all Netlet traffic to the Netlet Proxy and all Rewriter traffic to the Rewriter Proxy.
Since the Netlet Proxy is within the intranet, it can directly contact all the required
application hosts without opening multiple ports in the second firewall.
The traffic between the Gateway in the DMZ and the Netlet Proxy is encrypted,
and gets decrypted only at the Netlet Proxy, thereby enhancing security.
If the Rewriter Proxy is enabled, all traffic is directed through the Rewriter Proxy,
irrespective of whether the request is for the Portal Server node or not. This ensures
that the traffic from the Gateway in the DMZ to the intranet is always encrypted.
Because the Netlet Proxy, Rewriter Proxy, and Portal Server are all running on the
same node, there might be performance issues in such a deployment scenario. This
problem is overcome when the proxies are installed on separate nodes to reduce the
load on the Portal Server node.
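
The following Python sketch is an added example, not part of the original guide. It audits the second firewall's allow rules against the proxy topology described above and flags any opening from the Gateway that is not one of the two proxy listeners. Host names and port numbers are constructed for illustration and are not product defaults.

```python
from collections import namedtuple

# One allow rule on the second (DMZ-to-intranet) firewall.
Rule = namedtuple("Rule", "src dst port")

# Constructed host names and ports (assumptions, not product defaults).
GATEWAY = "dmz-gateway"
PROXY_ENDPOINTS = {
    ("portal-node", 10555),  # Netlet Proxy listener (assumed port)
    ("portal-node", 10443),  # Rewriter Proxy listener (assumed port)
}

def audit(rules, gateway=GATEWAY, allowed=PROXY_ENDPOINTS):
    """Check the rules whose source is the Gateway.

    Returns (violations, missing):
      violations - Gateway rules reaching anything other than a proxy listener
      missing    - proxy listeners that no Gateway rule permits
    """
    from_gateway = [r for r in rules if r.src == gateway]
    violations = [r for r in from_gateway if (r.dst, r.port) not in allowed]
    reached = {(r.dst, r.port) for r in from_gateway}
    missing = sorted(allowed - reached)
    return violations, missing

# Constructed rule set: the Gateway contacts application hosts directly.
DIRECT_RULES = [
    Rule(GATEWAY, "portal-node", 80),
    Rule(GATEWAY, "mail-host", 143),
    Rule(GATEWAY, "telnet-host", 23),
    Rule(GATEWAY, "ftp-host", 21),
]

# Constructed rule set: Netlet Proxy and Rewriter Proxy on the intranet.
PROXY_RULES = [
    Rule(GATEWAY, "portal-node", 10555),
    Rule(GATEWAY, "portal-node", 10443),
    Rule("admin-host", "portal-node", 22),  # not from the Gateway; ignored
]

if __name__ == "__main__":
    for name, rules in (("direct", DIRECT_RULES), ("proxied", PROXY_RULES)):
        violations, missing = audit(rules)
        print(f"{name}: {len(violations)} unexpected opening(s), "
              f"{len(missing)} proxy port(s) not permitted")
        for r in violations:
            print(f"  unexpected: {r.src} -> {r.dst}:{r.port}")
```

Feeding the audit an export of the real rule set, with the actual Gateway address and proxy listener ports substituted, shows whether direct openings to application hosts remain after the proxies are deployed.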