Perimeter server overview
A perimeter server is a software tool for communications management that can be installed in a DMZ. The perimeter server manages the communications flow between outer layers of your network and the TCP-based transport adapters. A perimeter server can solve problems with network congestion, security, and scalability, especially in high-volume, Internet-gateway environments.
A perimeter network is a computer network that is placed between a secure internal network and an unsecure external network to provide an additional layer of security. A perimeter server communicates with Sterling B2B Integrator through perimeter services. Perimeter services is the subsystem supporting multihoming and secure perimeter network traversing for B2B communications protocols. A perimeter server requires a corresponding perimeter client.
Perimeter services consist of the following components:
- Perimeter server you install on your DMZ computer or in a more secure network (remote perimeter server).
- Perimeter server pre-installed in Sterling B2B Integrator (local perimeter server).
- Perimeter services API that communications adapters in Sterling B2B Integrator use to use the perimeter servers (local and remote) for multihoming and perimeter network traversal functionality.
- Perimeter servers configuration management components in the Sterling B2B Integrator interface.
The preceding figure shows the following:
- The persistent connection is established from the perimeter services API in Sterling B2B Integrator to the remote perimeter server on the DMZ computer to communicate through port 9999.
- Sterling B2B Integrator has an HTTP Server adapter configured for two scenarios, one secure HTTP through port 9443 and the other non-secure HTTP through port 9980.
- Two trading partners with separate host and port numbers to communicate with Sterling B2B Integrator:
- https://company:9443./Inbopund/as2 - Communicates securely with the HTTP Server adapter on Sterling B2B Integrator through the initial port of 9443.
- http://company:9980/Inbound/as2 - Communicates through non-secure http with the HTTP Server adapter on Sterling B2B Integrator through the initial port 9980.
Perimeter servers help reduce network congestion issues and scalability for high volume environments through session and thread management, and enhance security by moving security threats further from your secure network and data.
A perimeter server and all adapters that communicate with the local perimeter server must be configured on the same node. A node is a single installation of Sterling B2B Integrator. A single node can have multiple configured perimeter servers (local perimeter servers) associated with it.
You can configure a perimeter server for one trading partner that has large files and low transaction volume, and another perimeter server on the same node for a different trading partner that has smaller files and high transaction volume. By configuring each perimeter server according to the trading partner, you can increase system performance.
All adapters installed on a specific node can use the local perimeter server configurations on the node.
For testing purposes, or when you are running without the DMZ feature, you can use the local perimeter server that is installed with Sterling B2B Integrator.
You should use perimeter servers if you want to:
- Secure communications between the DMZ and Sterling B2B Integrator.
- Send data to your customers from the perimeter server as the originating IP address.
- Manage security certificates on your secure network and not in a DMZ.
- Enhance performance and scalability through session and thread management that includes a large number of connections.
- Use the following adapters or protocols:
- Sterling Connect:Direct Server adapter
- FTP Client adapter with related services
- FTP Server adapter
- HTTP Client adapter with related services
- HTTP Server adapter
- Oracle E-Business adapter
- PeopleSoft adapter
- Transora adapter
- SOAP protocol
- AS2 protocol
- OdetteFTP adapter