Motivation

For security reasons, you can operate Lobster_data with an additional DMZ server.

Lobster_data usually operates in an intranet to provide direct and quick access to internal systems like databases, mail servers and file systems. Firewalls are used to protect the intranet from attacks from the internet. But this also locks out partners.

However, it is often desired that partners are able to deliver data themselves, e.g. by FTP or email. One option would be to instruct the IT department to set up a white list of all IP addresses of all partners. This is tedious work and not sufficiently secure. If a partner has no access to a fixed IP address, this method fails completely.

This problem can be solved by using a 'Demilitarised Zone' (DMZ), a special network section placed between internet and intranet.

A DMZ can communicate both with external systems (customers/partners) and an internal system (Lobster_data in this case), while a direct communication between the external and internal system is prevented.

The DMZ also has the further advantage that during a restart of the internal server (i.e. the intranet server with Lobster_data), the system appears operable to the outside world, because the DMZ server buffers requests and delivers them after the re-availability of the Lobster_data system. Also, no outgoing data is lost if you restart the DMZ server.

• Shared Folders and Ports to Be Openend (DMZ)

• Communication Between Lobster_data and DMZ‌

• Configuration of the DMZ System

• DMZ Cluster