
Using Multiple Network Zones

 

To ensure that the security protection provided by the protocols and functions mentioned (SSL, SNC, authentication, and authorization) cannot be misused, additional security mechanisms are also necessary. Therefore, for additional access protection and optimal security, we recommend using security zones to establish a secure network infrastructure for your complete landscape.

The firewalls protect the network from undesired access by persons or resources outside of the designated area. The application gateway or proxy server in the DMZ makes sure that requests are not passed directly through to the desired resource, but are handled by the gateway or proxy server's own cache. Not only does this buffer zone reduce network load, but it also allows you to filter requests with increasing strictness as they pass from the external to the internal networks through the multiple firewalls. Application servers, database servers, and the user management systems have increased protection and are accessible only by authorized users or resources. In this way, you can provide for optimal protection.

Note

The previous example shows one way to set up a system landscape using network zones. Depending on the complexity of your own landscape, you may choose to use additional or fewer zones.

As an additional security mechanism, you can use the reverse invoke function so that no incoming connections are allowed to reach the high security area.

For more information, see Reverse Invoke.
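
As an added illustration (not SAP code or configuration), the following Python check audits a list of permitted connections against the two properties described above: no request reaches an inner zone without passing the gateway or proxy in the DMZ, and, with reverse invoke, no connection is opened inward to the high security area. The zone names, the rule format, and the sample rule sets are assumptions constructed for this example.

```python
# Added example: zone names and the rule format are assumptions, not SAP settings.
ZONES = ["external", "dmz", "internal"]  # ordered from least to most trusted
HIGH_SECURITY = "internal"               # application, database, user management


def audit(rules, reverse_invoke=False):
    """Return (rule, reason) for every rule that breaks the zone model.

    rules: iterable of (initiator_zone, target_zone, label) tuples, one per
    permitted connection direction (which zone opens the connection to which).
    """
    findings = []
    for rule in rules:
        src, dst, _label = rule
        if src not in ZONES or dst not in ZONES:
            findings.append((rule, "unknown zone"))
            continue
        hop = ZONES.index(dst) - ZONES.index(src)  # > 0 means inbound
        if hop > 1:
            findings.append((rule, "inbound connection skips the DMZ gateway/proxy"))
        elif reverse_invoke and dst == HIGH_SECURITY and hop > 0:
            findings.append((rule, "inbound connection into the high security area"))
    return findings


# Constructed sample rule sets
CLASSIC = [
    ("external", "dmz", "browser -> proxy"),
    ("dmz", "internal", "proxy -> application server"),
    ("external", "internal", "legacy direct access"),
]
REVERSE_INVOKE = [
    ("external", "dmz", "browser -> proxy"),
    ("internal", "dmz", "application server opens connection to proxy"),
]

if __name__ == "__main__":
    cases = [("classic", CLASSIC, False),
             ("classic rules, reverse invoke required", CLASSIC, True),
             ("reverse invoke rules", REVERSE_INVOKE, True)]
    for name, rules, required in cases:
        print(name)
        for rule, reason in audit(rules, required) or [(None, "no findings")]:
            print("  ", rule, "-", reason)
```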