At the company I work at, for public sites, our current model is to use 3
tiers. The web server sits in the DMZ, and the app and db servers sit in the
internal network, with holes punched through the firewall for the web and
app servers to communicate. This has worked well enough, but with all the
recent trends of consolidating the web and app servers back into one tier
using POJOs and the like, we've started to rethink our architecture. The
major concern so far is about security. In particular, we're worried about
removing that extra hop to the database. We've thought about bringing the
web server back into the internal network and using reverse proxies, and we
have also thought about keeping it out there but allowing straight web to
database access. I'd like to hear what other people are doing. I'm
especially interested in hearing from the guys who have financial records
to protect.
-Sam Corder
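The three layouts the post weighs (web in the DMZ with a hole to the app tier, a merged web/app tier in the DMZ talking straight to the database, and a reverse proxy in the DMZ with the merged tier inside) differ mainly in which internal port a compromised DMZ host can reach. The following is an added example, not code from the original post or its author: a small firewall policy model that evaluates flows with first-match, default-deny semantics, reports which internal ports each layout exposes to the DMZ, and emits an equivalent nftables forward chain. All zones, addresses and port numbers are constructed for illustration; the app-tier port (8080), the reverse-proxy backend port (8443) and the database port (5432) are assumptions.

```python
"""Zone-based firewall policy model for comparing DMZ layouts.

Added example, not from the original post. Address ranges, hosts and
ports below are constructed placeholders.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Set

# Constructed address plan: DMZ on a documentation range, internal on RFC 1918.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.0.0.0/8"),
}


def zone_of(ip: str) -> str:
    """Map an address to a zone; anything unknown is treated as the internet."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: int
    action: str  # "accept" or "drop"


def evaluate(rules: Iterable[Rule], src_ip: str, dst_ip: str, dst_port: int) -> str:
    """First matching rule wins; no match means drop (implicit default deny)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in rules:
        if r.src_zone == src and r.dst_zone == dst and r.dst_port == dst_port:
            return r.action
    return "drop"


def internal_ports_reachable_from_dmz(rules: Iterable[Rule]) -> Set[int]:
    """The blast radius of a compromised DMZ host: internal ports it may reach."""
    return {
        r.dst_port
        for r in rules
        if r.src_zone == "dmz" and r.dst_zone == "internal" and r.action == "accept"
    }


def to_nft(rules: Iterable[Rule]) -> List[str]:
    """Render the policy as an nftables forward chain with policy drop."""
    lines = [
        "table inet fw {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
    ]
    for r in rules:
        match = ""
        if r.src_zone != "internet":
            match += f"ip saddr {ZONES[r.src_zone]} "
        match += f"ip daddr {ZONES[r.dst_zone]} tcp dport {r.dst_port} {r.action}"
        lines.append("    " + match)
    lines += ["  }", "}"]
    return lines


# Layout 1: classic three tiers. Only the app port is opened from the DMZ.
# (Assumes the app and db subnets are both routed through this firewall.)
THREE_TIER = [
    Rule("internet", "dmz", 443, "accept"),      # public HTTPS to web server
    Rule("dmz", "internal", 8080, "accept"),     # the punched hole: web -> app
    Rule("internal", "internal", 5432, "accept"),  # app -> db stays internal
]

# Layout 2: web and app merged into one tier that stays in the DMZ.
# The hole now goes straight to the database port.
COLLAPSED_IN_DMZ = [
    Rule("internet", "dmz", 443, "accept"),
    Rule("dmz", "internal", 5432, "accept"),     # web/app -> db directly
]

# Layout 3: reverse proxy in the DMZ, merged web/app tier on the inside.
# The only hole is to the proxy's backend port; the database port is not
# reachable from the DMZ at all.
REVERSE_PROXY = [
    Rule("internet", "dmz", 443, "accept"),      # public HTTPS to the proxy
    Rule("dmz", "internal", 8443, "accept"),     # proxy -> merged web/app tier
    Rule("internal", "internal", 5432, "accept"),
]


if __name__ == "__main__":
    for name, policy in [("three-tier", THREE_TIER),
                         ("collapsed-in-dmz", COLLAPSED_IN_DMZ),
                         ("reverse-proxy", REVERSE_PROXY)]:
        exposed = sorted(internal_ports_reachable_from_dmz(policy))
        print(f"{name}: internal ports reachable from DMZ = {exposed}")
    print("\n".join(to_nft(THREE_TIER)))
```

Running the module prints, for each layout, the internal ports a DMZ host can open, which is the concrete form of the "extra hop" question: collapsing into the DMZ trades an 8080 hole to the app tier for a 5432 hole to the database, while the reverse-proxy layout keeps the database port unreachable from the DMZ. The nftables output is one way to turn the same allow-list into an enforceable chain.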