What are my architecture options for having a DMZ and internal servers setup without using a Reverse Invoke server and having no data storage in the DMZ?
Ideally, I’d like to have SSL authentication in the DMZ and have the data streamed to the internal servers without being stored in the DMZ.
See this post for some basic info on RI. Also, contact your organization’s network security department for approved approaches for managing connections to internal servers from the outside world.
Thanks for your reply. Guess I didn’t quite explain my question well.
We have been using an RI setup for some time with little to no problems. Now we have a customer requirement with a large HTTP/S payload, for which RI would not be a very wise choice (in-memory processing). So I was looking for some other connectivity options between the DMZ and internal servers where we do the authentication in the DMZ and stream the data to the internal servers.
Any proxy server should do the trick, right? The trick will be having the new third party proxy server validate user credentials against the same user repository as your RI server.
You could use LDAP to do this if you configured your RI server to use an external LDAP user repository and if your new proxy server thingie did the same.
Otherwise you would have to define your users in multiple places.