|
From: John Jones
I'll point out that there is legit concern if the i-based solution were to
keep database, apps, and web services on a single LPAR.
I think that's a common misconception. I believe that centralized architecture
tends to be more secure because it's less complex, and easier to manage,
particularly under IBM i.
By definition the database server would be in the outer DMZ as that's
where the web servers have to reside to be visible to the outside world.
What is an "outer" DMZ? It appears to me that the only reason for a DMZ is to
isolate and hide a private network from a public one. If that's the case, why
not just use routers to define your DMZ, rather than using a Web server to
define it? I suspect that the idea of placing web servers in one network, and
database servers in another caught on simply because Microsoft was promoting it,
not because it was actually more secure.
Unfortunately, distributed architecture is so ubiquitous that people naturally
fall in line with these unfounded notions about security.
-Nathan
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.