Community

Web Adaptor machine in DMZ or internal network?

975
1
12-07-2012 09:56 AM
by Anonymous User
Not applicable
‎12-07-2012 09:56 AM
Original User: smenefee

Our initial design was to place the web adaptor machine in our DMZ per a diagram we followed back in May 2012:

[ATTACH=CONFIG]19801[/ATTACH]

However, I'm now seeing a new diagram showing the web adaptor within the internal network:

[ATTACH=CONFIG]19800[/ATTACH]

Is there any value in having the web adaptor (better security, etc) in the DMZ as opposed to the internal network?  Currently we have it in the DMZ and are having a hard time getting our flex web application to read the services.  Having it internal might alleviate some of the communication issues between it and the ArcGIS Server machine on our internal network (because the web adaptor and gis server would both be internal).  So, what would be the reason to put the web adaptor in the DMZ vs in the internal network?

Any help would be appreciated, thank you!
Preview file
155 KB
Preview file
167 KB
0 Kudos
1 Reply
nicogis
by MVP Frequent Contributor
MVP Frequent Contributor
‎12-08-2012 08:49 AM
The second picture refers to situation if your organization already uses a reverse proxy (integrating an existing reverse proxy) and you want the port between the reverse proxy and your secure internal network to remain unknown.

In the first picture the Web Adaptor causes the machine to act as a reverse proxy
0 Kudos