close

Filter

loading table of contents...

Operations Basics / Version 2307

Table Of Contents

4.8.1 Overall Deployment

Typically, a firewall is in place between the content management environment and the delivery environment, limiting the information flow from the untrusted Internet environment. Additionally, a firewall in front of the delivery environment may further reduce the number of exposed system components and communication ports of the delivery environment.

Typically, access from the Internet is granted to a load balancer, only, which delegates requests to the CAEs.

Especially services that are not properly protected by authentication must never be exposed outside of the local network. Examples for this rule would be a MongoDB in its default configuration or a Solr instance. For more details how to secure Solr in the CMCC context, see Section 4.8.7.1, “Securing the Solr Search Engine”.

If necessary, access to the content management environment may be granted through a VPN, allowing remote editor connections.

Much of the communication between system components happens through either HTTP or CORBA. You can find details and helpful security hints in Section 4.4, “Communication between the System Applications”. In particular it is shown how CORBA can be layered on top of SSL.

Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.