Re: Mid-Tier architecture question

[David Sanders]

Title: RE: Mid-Tier architecture question

** Hi James   No encryption, possibly SSL, ‘heavy’ app with lots of forms.   Regards   David Sanders Remedy Solution Architect Enterprise Service Suite @ Work ========================== ARS List Award Winner 2005 Best 3rd party Remedy Application   tel +44 1494 468980 mobile +44 7710 377761 email [EMAIL PROTECTED]   web http://www.westoverconsulting.co.uk   From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of McKenzie, James J C-E LCMC HQISEC/L3 Sent: Tuesday, August 01, 2006 9:24 PM To: arslist@ARSLIST.ORG Subject: Re: Mid-Tier architecture question   David:   Here is one more question.  How many users and forms would be accessed.  It is very intense to send form data back and forth, but not user data.  Also, is the data between the MT server and ARS server to be highly encrypted (128 bit or higher)?  Is the MT server to run in SSL mode?    Here is what I see right now:   If there are many forms to be accessed with frequent form changes, then you would be best off setting the MT servers in a DMZ (if your users are not on a company provided VPN type connection) local to the ARS servers with high encryption between the ARS server and MT server with SSL enabled to the outside connection.  If you have many users (100+) I would look at a load-balancing solution.  Also, I would use this if the out office users are not frequently connecting. If you are running over a VPN to a central office in the areas that you mentioned and the number of forms is low or there are not frequent changes, and the users are connecting over a company provided VPN type connection, then you might be better off locating the MT servers "over the horizon" and closer to the overseas offices.  Given that you are looking at 2MB of throughput to each outside location, the problem may be delay between the MT server and the ARS server and not the amount of data sent. Given the amount of information provided, I would go with the DMZ solution and high encryption between user using SSL 128bit or higher and high encryption between the ARS server and the MT server through a dedicated port on the inside the company firewall.   James McKenzie   ________________________________ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of David Sanders Sent: Tuesday, August 01, 2006 1:12 PM To: arslist@ARSLIST.ORG Subject: Re: Mid-Tier architecture question   ** Hi James   Scenario 1 - MT Servers local to ARS, they would be on same LAN as the ARS server and firewall(s) would be between the end-users browsers and this. ARS---FW---MT --------------pipe--------------- FW------Users   Scenario 2 - MT Servers local to Users. ARS----FW ---------------pipe---------------- MT---FW---Users   The pipe would probably be about 2Mb and is clearly the bottleneck.  So is it quicker to send the MT to ARS traffic over the pipe (scenario 2), or the browser to MT traffic (scenario 1)   Regards   David Sanders Remedy Solution Architect Enterprise Service Suite @ Work ========================== ARS List Award Winner 2005 Best 3rd party Remedy Application   tel +44 1494 468980 mobile +44 7710 377761 email [EMAIL PROTECTED]   web http://www.westoverconsulting.co.uk <http://www.westoverconsulting.co.uk/>   ________________________________ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of McKenzie, James J C-E LCMC HQISEC/L3 Sent: Tuesday, August 01, 2006 8:51 PM To: arslist@ARSLIST.ORG Subject: Re: Mid-Tier architecture question   Dsvid: Where would the MT servers be located?  What is the size of the pipe between the ARS servers and the remoted MT servers?  Also, is there a firewall/network appliance that would be placed between your ARS server and the MT servers? James McKenzie   -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of David Sanders Sent: Tuesday, August 01, 2006 12:46 PM To: arslist@ARSLIST.ORG Subject: Mid-Tier architecture question Hi List I'm looking for advice on the best architecture to adopt for the Mid-Tier. Imagine a central Remedy application and database server(s) based in the US, with users based in the US, Europe, Asia etc.  Most user access is to be through the Mid-Tier. Say we decide to have 3 Mid-Tier servers, the questions is, are we better to locate the MT servers locally to the ARS platform, and transmit the Mid-Tier to client browser traffic over the WAN, or is it better to locate the MT servers locally to the users, and transmit the Mid-Tier to ARS traffic over the WAN. My **guess** is that having the Mid-Tier servers local to the ARS server would give better performance as I expect the most intensive traffic to be between the MT servers and ARS, but I have no evidence for this from a real-life situation.  Has anyone compared these types of architecture and discovered performance differences? Thanks for any information. David Sanders Remedy Solution Architect Enterprise Service Suite @ Work ========================== ARS List Award Winner 2005 Best 3rd party Remedy Application   tel +44 1494 468980 mobile +44 7710 377761 email [EMAIL PROTECTED]   web http://www.westoverconsulting.co.uk _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___