We all love the Internet, but unfortunately it is also a source of evil. When a company operates a public Internet service such as ARIS Community or a company homepage, one of the network administrator’s greatest fears is that the server gets hacked and opens up the company network to the public. To prevent that, such servers are put into a so-called demilitarized zone (DMZ). The DMZ is accessible from the Internet through a firewall, which allows only the necessary incoming connections. Typically, a DMZ is used for the following kinds of services:

  • public web server
  • public file server (FTP)
  • domain name servers (DNS)
  • web proxy
  • email server

The DMZ is used for all services that must be accessible from outside. All other services reside in the private network (LAN), which is protected by a firewall. The LAN can comprise additional servers, such as web servers that must only be accessed internally (e.g. an intranet).

A DMZ can be implemented physically or logically. In a physical setup, dedicated machines and connections are used, whereas in a logical setup separation is done on the network management layers.
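
The zone separation described above can be checked mechanically. The following Python code is an added example, not part of the original article or of ARIS: it audits a firewall rule list for accept rules that let the Internet or the DMZ reach the LAN, or that expose DMZ ports beyond the listed services. The zone names, the rule format, the port numbers and the sample rules are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ports for the DMZ services the article lists; the port numbers are the
# usual defaults and are an assumption, not taken from the article.
PUBLISHED = {("tcp", 80), ("tcp", 443), ("tcp", 21), ("tcp", 25),
             ("tcp", 53), ("udp", 53)}

@dataclass(frozen=True)
class Rule:
    src: str      # source zone: "internet", "dmz" or "lan" (assumed names)
    dst: str      # destination zone
    proto: str    # "tcp", "udp" or "any"
    port: int     # destination port, 0 = any port
    action: str   # "accept" or "drop"

def decide(rules, src, dst, proto, port):
    """First matching rule wins; anything unmatched is dropped."""
    for r in rules:
        if (r.src, r.dst) == (src, dst) and r.proto in (proto, "any") \
                and r.port in (port, 0):
            return r.action
    return "drop"

def audit(rules):
    """Return findings for accept rules that undermine the DMZ separation."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "accept":
            continue
        if r.dst == "lan" and r.src in ("internet", "dmz"):
            findings.append((i, f"{r.src} can reach the LAN"))
        elif (r.src, r.dst) == ("internet", "dmz") \
                and (r.proto, r.port) not in PUBLISHED:
            findings.append((i, "exposes an unpublished DMZ port"))
    return findings

# Constructed sample rule set with two deliberate mistakes (index 3 and 4).
RULES = [
    Rule("internet", "dmz", "tcp", 443, "accept"),   # public web server
    Rule("internet", "dmz", "tcp", 25, "accept"),    # email server
    Rule("lan", "dmz", "any", 0, "accept"),          # staff reach DMZ services
    Rule("internet", "dmz", "tcp", 3306, "accept"),  # database left exposed
    Rule("dmz", "lan", "tcp", 445, "accept"),        # DMZ host to file share
]

if __name__ == "__main__":
    for idx, msg in audit(RULES):
        print(f"rule {idx}: {msg}")
    print(decide(RULES, "internet", "lan", "tcp", 22))
```

The audit flags every accept rule into the LAN from the other two zones, so a DMZ-to-LAN flow that is genuinely required still shows up for review and has to be justified.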

The attached ARIS Express model visualises a possible DMZ setup. The model is an IT Infrastructure diagram, which provides modelling objects such as networks (e.g. LAN, WAN, DMZ), network devices (e.g. router, switch), hardware, and IT systems (e.g. web server, email server).
