Security planning - network topology

Sterling™ Order Management System Software is typically implemented as an internal application that is accessible from an Internal Network or across from VPN.

Where is Sterling Order Management System Software being accessed from?

  • Public Internet?
  • Virtual private network (VPN)?
  • Internal Local area network (LAN)?

Regardless of the network, it is strongly recommend that you use SSL to encrypt all the Sterling Order Management System Software screen requests. SSL processing can be expensive and can add an additional 30% or more processing overhead to each application server transaction. Depending on your transaction volumes, you may want to offload your SSL processing to specialized devices such as an F5 load-balancer with built-in hardware SSL engines.

Accessing over the public internet

If you are accessing Sterling Order Management System Software over the Public Internet you have to also consider additional security concerns such as denial of service attacks.

Deploying over a virtual private network

If you are deploying Sterling Order Management System Software over a virtual private network (VPN), the major factor in security and performance is the VPN encryption. Many firewall providers offer encryption and decryption accelerators that can be added directly to their firewalls. Checkpoint's FireWall-1, VPN-1 Accelerator Card II, is an example of this. However, one consideration for purchasing accelerator cards is how many VPN tunnels are needed. You also need to determine if the VPN is being set up for site-to-site implementation or if each individual user opens their own tunnel. If you decide on a site-to-site VPN, typically memory in the firewall is the greatest concern. If each user opens their own tunnel, processor speed is the largest concern.

In many cases the deciding factor is the speed at which your VPN is connected. If you have a T1 line, a single processor machine may suit your needs. If you plan to deploy over a T3 line, you may wish to consider a multiple-processor machine. Most firewall and VPN vendors can help you size the machine you purchase from them for optimal security and performance.

Deploying over a local area network

If you are deploying Sterling Order Management System Software over a local area network (LAN), performance should not be an issue. We strongly recommend you SSL all Sterling Order Management System Software screens even on an Internal Network.