Interaction between Lobster_data and the DMZ

Lobster_data can use this security concept in conjunction with a DMZ server. A dedicated Integration Server (IS) is installed in the DMZ; for security reasons it runs only the essential communication channels, such as FTP or SMTP. See the figure below.

The firewall between DMZ and the internet only allows the required ports and protocols.

Communication between the DMZ and Lobster_data in the intranet takes place over a proprietary protocol of Lobster GmbH, the Message Service. This prevents penetration from the outside. The Message Service is an HTTP-tunnelled protocol that uses TCP/IP exclusively.

A firewall between the DMZ server and the inner Lobster_data server is also required. It must permit communication on the configured Message Service port (usually 8020, configurable) in both directions. In addition, HTTP requests and responses are passed through in both directions, so the HTTP port (usually 80, configurable) must also be open.

(Figure: DMZ set-up, image DMZ-version-5.png)

Note: For maximum security requirements, the Message Service can also be configured in pushback mode. In this case, the connection is always established from the inner server, and no incoming connections from the internet are required.

Note: If a maximum message size is specified, or if Lobster_data is to serve files via the DMZ, those files need to be copied from the internal system to the DMZ machine. To allow this, the firewall must be configured to permit FTP or SFTP connections between the inner server and the DMZ server.
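The firewall requirements above, expressed as a small policy model that can be used to audit observed connection attempts. This is an added example, not Lobster GmbH code; it assumes FTP (21) and SMTP (25) as the internet-facing DMZ services, SFTP on port 22 initiated from the inner server, and that pushback mode changes only the Message Service direction.

```python
# Added example (not Lobster GmbH code): model of the two firewalls on this
# page, used to check which connection attempts the set-up would block.
from dataclasses import dataclass

# Ports as given on the page; both are configurable in Lobster_data.
MESSAGE_SERVICE_PORT = 8020
HTTP_PORT = 80
# Assumptions for this example: DMZ services exposed to the internet
# (FTP and SMTP on their standard ports) and SFTP on port 22.
INTERNET_FACING_PORTS = (21, 25)
SFTP_PORT = 22


@dataclass(frozen=True)
class Flow:
    src: str    # zone that opens the connection: "internet", "dmz", "intranet"
    dst: str    # zone that receives it
    port: int   # destination TCP port


def build_policy(pushback=False, file_transfer=False,
                 ms_port=MESSAGE_SERVICE_PORT, http_port=HTTP_PORT):
    """Return the set of flows the two firewalls should permit.

    pushback=True models the Message Service pushback mode: the inner server
    opens every Message Service connection, so the DMZ side may not initiate
    one (assumption: HTTP stays open in both directions, as the page states).
    file_transfer=True opens SFTP towards the DMZ (assumption: the inner
    server initiates the copy).
    """
    allowed = {Flow("internet", "dmz", p) for p in INTERNET_FACING_PORTS}
    allowed |= {Flow("intranet", "dmz", ms_port), Flow("intranet", "dmz", http_port),
                Flow("dmz", "intranet", http_port)}
    if not pushback:
        allowed.add(Flow("dmz", "intranet", ms_port))
    if file_transfer:
        allowed.add(Flow("intranet", "dmz", SFTP_PORT))
    return allowed


def is_permitted(policy, flow):
    return flow in policy


def audit(policy, flows):
    """Return the flows (in input order) that the documented set-up blocks."""
    return [f for f in flows if f not in policy]


if __name__ == "__main__":
    # Constructed sample of observed connection attempts.
    observed = [Flow("internet", "dmz", 21), Flow("internet", "dmz", 8020),
                Flow("internet", "intranet", 80), Flow("dmz", "intranet", 8020)]
    for f in audit(build_policy(pushback=True), observed):
        print("blocked:", f)
```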