
4 middleware and application infrastructure, Type, External application server – IBM Tivoli and Cisco User Manual


Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

The diagram in Figure 4-4 provides a high-level graphical overview of the existing
ABBC security infrastructure. We see that ABBC is using the IBM Tivoli Access
Manager best-practice deployment methodology by incorporating dual multiple
firewalls to secure the core network from external and internal users.

Figure 4-4 Armando Banking Brothers Company security and middleware infrastructure

Also note that in this diagram no distinction is made between the type of Internet
users; in other words, local wired and wireless workstations, authorized remote
access VPN sessions, and branch office connections are all considered part of
the intranet and must pass through the internal firewall to access the secured
applications.

We also see the Security Compliance Manager server in the core network.

4.2.4 Middleware and application infrastructure

In addition to illustrating the existing security infrastructure, Figure 4-4 provides a
bit of data about the ABBC middleware and application infrastructure. Noting the
external application server, we must understand that this one block represents a

[Figure 4-4 diagram labels. Zones: External Networks, Internet, Intranet, DMZ, Internal Production Network (core). User groups: Business Partners, Customers, Temporary Users, Public (Guest), Mobile Devices, Corporate Users. Components: Browser, Wireless Gateway, Firewall (three instances), WebSEAL (External users), WebSEAL (intranet users), LDAP Directory, Middleware Server (MQ Integrator), External Application Server, Internal Application Server, Clearing System, Backend database, Statement System, Account System, CRM, Tivoli Access Manager Policy Server, Tivoli Security Compliance Manager Server. Notes on the diagram: "*Also connected to LDAP"; "*Authorized VPN Users are logically included here as well."]