I have seen so many cases where an application launch was delayed because there were problems with deploying into the production environment. They generally are all the same story in that it wouldn’t work because the network was set up with some security rules that the application didn’t support or wasn’t designed with that in mind.
A very common network setup for security is creating a perimeter network or DMZ that “outsiders” can access, but the DMZ is separated by a firewall from the secure internal network. Additionally there might be another firewall inside the secure network separating the database servers.
Because the infrastructure is split into multiple zones, you have to have the same splits in your application architecture to make it possible to deploy on the infrastructure. This also has the related issues of communications across the zones, passing identities, etc. So in more details you have to:
-
Design the architecture to include a cleanly separated business API to ensure there is a distinct business tier.
-
Split the business tier into two parts, creating an “interface” tier and an “implementation” tier.
-
The interface tier is responsible for handling boundary activities such as validation and authentication, while the implementation tier holds the main business logic. This boundary verification logic enhances the security before passing the request to the secure network, beyond what could be done using a firewall alone.
-
The service interface tier gets deployed into the DMZ, and the implementation tier into the secure network.
-
Just one last note, does not that look like the Façade Pattern? Well close, but not the same. Hope this helps you with your system challenges.
|