
Java application server in DMZ

We need to have a Java web application server in the DMZ rather than inside the enterprise network. The initial design was to have a web dispatcher in the DMZ and have all the application servers inside the enterprise network. But this did not fly with our security team, since the authentication is happening inside the enterprise network rather than in the DMZ.

Now, to accomplish this, we have to put application servers in the DMZ, which in this case is a different domain. Is it possible to have the central instance and application servers in a different domain? If yes, how do we install and configure this?

The other option I can think of is this: we have only a Java application, so is it OK to just install the Java web application server in the DMZ and configure the Java application to connect to the central instance? I understand NetWeaver requires a database for Java WAS. But is there any standalone version of Java WAS without the need for a database? Because we cannot host a database in the DMZ!

Any help is highly appreciated.

RT

1 Answer

  • Former Member
    Oct 15, 2008 at 05:13 PM

    I would strongly recommend against putting the application servers in the DMZ. If the main reason is authentication, I would install a standalone Java stack authenticating the users, serving as a ticket-issuing system. The SAP Java application server requires a database instance. You may want to consider other application servers (WebSphere, WebLogic, etc.) if you cannot put a database in the DMZ.

    -Regards

    • RK,

      Thanks for your ideas. My current proof of concept, which worked, is that instead of application servers I installed Java central instances in the DMZ, and every system gets its own SID. I have the database inside the enterprise network and opened the port in the firewall for the database, message server and dispatcher to the CRM central instance. This worked fine, but I wanted to check for any alternatives, since I am trying to avoid any database instance. In my current solution I need to have as many databases as application servers in the DMZ, which again needs more space, more security and more powerful servers.

      If somebody else has an alternative solution please let me know.

      Thanks,

      RT.