Information Technology Reference
In-Depth Information
Internet connectivity of the Internet module. Design techniques are the same as those de-
scribed for these modules. Devices located in the e-commerce submodule include
Web and application servers:
Primary user interface for e-commerce navigation.
■
Database servers:
Contain the application and transaction information.
■
Firewall and firewall routers:
Govern the communication between users of the
system.
■
Network intrusion prevention systems (IPS):
Provide monitoring of key network
segments in the module to detect and respond to attacks against the network.
■
Multilayer switch with IPS modules:
Provide traffic transport and integrated se-
curity monitoring.
■
Internet Connectivity Module
The Internet submodule of the enterprise edge provides services such as public servers,
email, and DNS. Connectivity to one or several Internet service providers (ISP) is also pro-
vided. Components of this submodule include
Firewall and firewall routers:
Provide protection of resources, stateful filtering of
traffic, and VPN termination for remote sites and users
■
Internet edge routers:
Provide basic filtering and multilayer connectivity
■
FTP and HTTP servers:
Provide for web applications that interface the enterprise
with the world via the public Internet
■
SMTP relay servers:
Act as relays between the Internet and the intranet mail
servers.
■
DNS servers:
Serve as authoritative external DNS server for the enterprise and relay
internal requests to the Internet
■
Several models connect the enterprise to the Internet. The simplest form is to have a single
circuit between the enterprise and the SP, as shown in Figure 2-8. The drawback is that
you have no redundancy or failover if the circuit fails.
Service Provider
Edge
Enterprise
Edge
Figure 2-8
Simple Internet Connection
