Firewalls provide services that can be used to control access from a less trusted network to a more trusted network. Traditional implementations of firewall services include:

• Screening routers (the protocol firewall in this design)
• Application gateways (the domain firewall)

The two firewall nodes provide increasing levels of protection at the expense of increasing computing resource requirements. The protocol firewall is typically implemented as an IP router, while the domain firewall is a dedicated server node.

Additional Resources

• (in English) ESS

This Node is a personal computing device, such as a PC, supporting a commercial browser (e.g. Netscape Navigator or Internet Explorer). The level of the browser is expected to support SSL and some level of DHTML. Most online buying implementations will send a "Cookie" to the browser on this node in order to maintain the shopping session. The cookie will contain a session id, which can be used to reconnect with a partially filled shopping basket or order and to re-establish the conversation for each interaction.

Firewalls provide services that can be used to control access from a less trusted network to a more trusted network. Traditional implementations of firewall services include:

• Screening routers (the protocol firewall in this design)
• Application gateways (the domain firewall)

The two firewall nodes provide increasing levels of protection at the expense of increasing computing resource requirements. The protocol firewall is typically implemented as an IP router, while the domain firewall is a dedicated server node.

Additional Resources

• (in English) ESS

The load balancer, or dispatcher, node provides horizontal scalability by dispatching HTTP requests among several, identically configured Web servers.

See Also

• Load balancer
• Transactional Web server

Additional Resources

• (in English) ESS

Net.Commerce for AS/400 provides all the necessary commerce application functions (Order Management, Marketing, Shipping, Tax, Payment, Sales Assistant). A built-in web server provides secure access to the Internet over SSL and all the standard web server functions you'll need (graphical configuration, logging, reporting, caching, digital certificate support, support for Java servlets and much more). A built-in search engine provides a user friendly way to search and display web content. An integrated Java Virtual Machine provides a highly scalable mechanism for running Java programs and the standard Java Development Kit from JavaSoft.

AS/400 is often used as an application server node for processing business logic and providing data access. Data access is handled with full transaction integrity to allow multiple users to access and update the data simultaneously. AS/400 provides numerous Enterprise Resource Planning (ERP) solutions that can provide the core business logic for any size business.

This node represents the functionality supporting the creation of the data that resides on the Database Server and Commerce Server Nodes. It also represents the function to manage and stage that data into production on the servers. The functionality of this node is quite broad, and might be thought of as encompassing an entire subsystem.

The timely synchronization of several Web Servers is sometimes achieved by using a Shared File System as the content storage, capitalizing on the replication capability of this technology.

This node is a logical representation of the functions required to manage all the nodes and components in the system, including the management of problems, changes, performance, configuration of assets, and others.

There are usually two aspects to systems management:

• A managing aspect (with server components running on one or more systems management servers)
• A managed aspect (with systems management client components running on every node in the system)

For example, there should be client components running on every node, which are able to accept and install changes sent from a change management server. The changes may be either pulled from the client on demand, or pushed from the server with centralized control. On critical nodes, there may also be problem management components that send a "heartbeat" back to a central monitoring site. If a heartbeat is missed, the managing site raises an alert.

It is important to remember that there is not only a server side but also a client side to systems management. The client side needs to reside on all nodes in the system. The one exception would be unmanaged workstations of the general public or of other business partners. In these cases, a particular organization would have no control and limited ability to provide systems management.

This node is a logical representation of the functions needed to manage the security of a system. It works in conjunction with the Directory Node. Think of the directory as the repository that holds:

• Data about security such as user IDs and associated passwords, or digital certificates (used to authenticate a user)
• Lists of services that a user is authorized to perform (authorization or access control)

Think of the security node as holding the set of components that define the decisions to be made. The node may perform the actual security processing; for example, verify certificates. The authentication in most current designs validates the access to the Web Application Server, but it can also authenticate the access to the Database Server.

The security domain describes the components needed to implement the technical dimension of security and how these components interact to implement the technical aspects of a security policy.

The components that implement security are distributed throughout the network. It's unlikely there's a node in the system that does not include some components implementing some aspect of security. The Security Node represents centralized services that support security on other nodes.

The treatment of security combines network design for security with a particular emphasis on achieving a secure implementation of Internet and Intranet network access. Security is built by use of the following security services:

• Confidentiality: providing privacy by protecting sensitive information from access unless authorized
• Identification and Authentication: identifying entities, verifying their identities, and assuring individual accountability
• Access Control: providing mechanisms for granting access to authorized and authenticated users
• Data Integrity: providing detection of the unauthorized modification of data
• Non Repudiation: assuring that any transaction that takes place can subsequently be proved to have taken place (also called accountability)
• Isolation: providing protection by isolating a resource and therefore restricting potential access to it
• Audit: monitoring and review of security-relevant events

Together these services must provide end-to-end security, integrating security facilities across heterogeneous environments.

Directory Services provides an integrated LDAP server that easily integrates with other LDAP servers to provide for the directory needs of an e-business solution.