Oracle Application in DMZ (Demilitarized Zone)
Posted
by PRajkumar
on Oracle Blogs
See other posts from Oracle Blogs
or by PRajkumar
Published on Sun, 9 Sep 2012 10:27:58 +0000
Indexed on
2012/09/09
15:44 UTC
Read the original article
Hit count: 221
/Oracle
Business Needs
Large Organizations want to expose their Oracle Application services outside their private network (HTTP/HTTPS and SSL). Usually these exposures must exist to promote external communication. So they want to separate an external network from directly referencing an internal network
Business Challenges
· Business does not want to compromise with security information
· Business cannot expose internal domain or internal URL information
Business Solution
DMZ is the solution of this problem. In Oracle application we can achieve this by following way –
· Oracle Application consists of fleet nodes (FND_NODES) so first decide which node have to expose to public
· To expose the node to public use the profile “Node Trust Level”
· Set node to Public/Private (Normal -> private, External -> public)
· Set "Responsibility Trust Level" profile to decide whether to expose Application Responsibility to inside or outside firewall
Business Solution
DMZ is the solution of this problem. In Oracle application we can achieve this by following way –
· Oracle Application consists of fleet nodes (FND_NODES) so first decide which node have to expose to public
· To expose the node to public use the profile “Node Trust Level”
· Set node to Public/Private (Normal -> private, External -> public)
· Set "Responsibility Trust Level" profile to decide whether to expose Application Responsibility to inside or outside firewall
Solution Features
· Exposed web services can be accessed by both internal and external users
· Configurable and can be very easily rolled out
· Internal network and business data is secured from outside traffic
· Unauthorized access to internal network from outside is prohibited
· No need for VPN and Secure FTP server
Benefits
· Large Organizations having Oracle Application can expose their web services like (HTTP/HTTPS and SSL) to the internet without compromise with security information and without exposing their internal domain
Possible Week Points
· If external firewall is compromised, then external application server is also compromised, exposing an attack on E-Business Suite database
· There’s nothing to prevent internal users from attacking internal application server, also exposing an attack on E-Business Suite database
Reference Links
· https://blogs.oracle.com/manojmadhusoodanan/tags/dmz
© Oracle Blogs or respective owner