High Availability‌ (failure inner server)

The DMZ server is able to accept incoming data even if the inner server cannot be reached. A cause for this may be a disturbance in the network connection between the inner server and the DMZ, necessary maintenance on the network or a restart of the inner server. It is assumed that the maintenance window is no longer than two hours. The standard setting can also be altered through means of configuration (parameter lifeTime in section Availability of Communication Log Service (offline mode)‌.

By using a DMZ cluster of at least two DMZ servers, an undisturbed availability of the DMZ itself can be guaranteed.

The availability strategies of the Authentication Service and the Communication Log Service differ, due to different goals.

For the Authentication Service, a caching strategy is used, while with the Communication Log Service the communication between DMZ and the inner server is handled using persistent messages if synchronous messages fail.