Secure Remote Access
Chapter 1 Portal Server Architecture 27
The main advantage of SRA is that only the IP address of the Gateway is published
to the Internet. All other services and their IP addresses are hidden and never
published to a Domain Name Service (DNS) that is running on the public network
(such as the Internet).

The Gateway resides in the demilitarized zone (DMZ). The Gateway provides a
single secure access point to all intranet URLs and applications, thus reducing the
number of ports to be opened in the firewall. All other Sun Java System services,
such as Session, Authentication, and Portal Desktop, reside behind the DMZ in the
secured intranet. Communication from the client browser to the Gateway is
encrypted using HTTP over Secure Sockets Layer (SSL). Communication from the
Gateway to the server and intranet resources can be either HTTP or HTTPS.

Figure 1-2 shows Portal Server installed with SRA. SSL is used to encrypt the
connection between the client and the Gateway over the Internet. SSL can also be
used to encrypt the connection between the Gateway and the Portal Server system.
The presence of a Gateway between the intranet and the Internet extends the
secure path between the client and the Portal Server system.
Figure 1-2 Portal Server in Secure Mode
[Figure labels: Client, Internet, Firewall, DMZ, Gateway, intranet, Portal Server, Applications]
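
The layout described above can be checked mechanically. The following Python audit is an added example, not part of the original guide: it tests a constructed firewall rule list and a list of public DNS names against the three properties stated here (only the Gateway is published, Internet traffic ends at the Gateway over SSL, and the Gateway-to-intranet hop may be HTTP or HTTPS). The zone names, host names and the Rule structure are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_zone: str   # "internet", "dmz" or "intranet" (assumed zone labels)
    dst_zone: str
    dst_host: str
    port: int
    scheme: str     # "https" or "http"

GATEWAY = "gateway.example.com"   # assumed public name of the SRA Gateway

def audit(rules, public_dns_names, gateway=GATEWAY):
    """Return sorted findings for rules and DNS names that break the SRA layout."""
    findings = []
    # Only the Gateway may be published to public DNS.
    for name in public_dns_names:
        if name != gateway:
            findings.append(f"public DNS exposes non-Gateway host {name}")
    for r in rules:
        if r.src_zone == "internet":
            # Internet traffic must terminate on the Gateway in the DMZ, over SSL.
            if r.dst_zone != "dmz" or r.dst_host != gateway:
                findings.append(f"internet can reach {r.dst_host}:{r.port} directly")
            elif r.scheme != "https":
                findings.append(f"client-to-Gateway port {r.port} is not SSL")
        elif r.src_zone == "dmz" and r.dst_zone == "intranet":
            # HTTP is allowed on this hop, so report it as a note, not a violation.
            if r.scheme == "http":
                findings.append(f"note: Gateway-to-{r.dst_host}:{r.port} is plain HTTP")
    return sorted(findings)

# Constructed sample data (not taken from any real deployment).
SAMPLE_RULES = [
    Rule("internet", "dmz", GATEWAY, 443, "https"),
    Rule("internet", "intranet", "portal.internal.example", 8080, "http"),
    Rule("dmz", "intranet", "portal.internal.example", 80, "http"),
    Rule("dmz", "intranet", "auth.internal.example", 443, "https"),
]
SAMPLE_DNS = [GATEWAY, "portal.internal.example"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, SAMPLE_DNS):
        print(finding)
```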