While architecting any n-tier intranet application, do I have to consider anything about firewalls in the organization? Are there any special considerations which need to be proactively addressed, or could it be an afterthought?

+2  A: 

If you're designing in a way that the firewalls will sit between your tiers, this is definitely a consideration.

That being said, it should just be a matter of configuring your firewall to allow communication between your services, but collaboration with the IT staff maintaining the hardware would be a good thing to do prior to implementation, instead of after implementation...

Reed Copsey
It is more of a deployment concern rather than an architectural decision. Correct?
Anand Patel
@Anand: Yes - but collaboration with your deployment team can help you make sure you're not going to be "fighting" with them later about configuration... There are often multiple options here, such as which protocols to use, etc. They may have a (valid) concern over using different transmission protocols, for example.
Reed Copsey
+1 to your comment. Thanks for the response.
Anand Patel
+1  A: 

If you are crossing different subnets, then yes, you should consider the firewall, as maybe in the future a user would want to access the system remotely a la 'working from home' via VPN (Virtual Private Network - that would have the security aspect cut out as packets are encrypted over the WAN)... Keep touching base with the IT personnel who look after and maintain the firewall in order to minimize headaches later on, which could be costly!

That is not to say do it immediately, but somehow make it flexible enough for the system to work over the firewall in the near future... You'll get a nice bonus and make the bosses happy and, above all, the user!

Hope this helps, Best regards, Tom.

tommieb75
+1 for VPN thing.
Anand Patel
A: 

Another consideration is that firewalls can do unintended 'clever' things like closing long-lived TCP connections.

Such issues tend to crop up very late in the build, as development and test environments rarely replicate the exact network configuration of the final environment.

So, yes, plan to test with as close to the 'real' configuration as soon as possible, including firewalls.

Andrew Strong
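
An added example, not part of any answer above: one common way to keep a long-lived connection between tiers from being dropped by a stateful firewall's idle timer is TCP keepalive timed below that timer. The 3600-second timeout is a constructed value and the function names are hypothetical.

```python
import socket

# Assumption: idle timeout of the firewall between tiers, in seconds.
# Constructed value; get the real one from the team that runs the firewall.
ASSUMED_FW_IDLE_TIMEOUT = 3600

def keepalive_plan(fw_idle_timeout, probes=3):
    """Pick (idle, interval, probes) so that probing starts at half the
    firewall timeout and all probes finish before the timeout expires."""
    if fw_idle_timeout < 10:
        raise ValueError("timeout too short for TCP keepalive; use app-level heartbeats")
    idle = min(fw_idle_timeout // 2, 7200)          # 7200 s is the Linux default
    interval = min(75, max(1, (fw_idle_timeout - idle) // (probes + 1)))
    return idle, interval, probes

def apply_keepalive(sock, idle, interval, probes):
    """Enable keepalive on a TCP socket; per-socket timers where the OS has them."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if hasattr(socket, "TCP_KEEPIDLE"):             # Linux
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    elif hasattr(socket, "TCP_KEEPALIVE"):          # macOS name for the idle timer
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPALIVE, idle)
    if hasattr(socket, "TCP_KEEPINTVL"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    if hasattr(socket, "TCP_KEEPCNT"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    return sock

def effective_keepalive(sock):
    """Read the settings back, so a deployment check can log what is really in force."""
    out = {"enabled": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0}
    for key, opt in (("idle", "TCP_KEEPIDLE"), ("interval", "TCP_KEEPINTVL"),
                     ("probes", "TCP_KEEPCNT")):
        if hasattr(socket, opt):
            out[key] = sock.getsockopt(socket.IPPROTO_TCP, getattr(socket, opt))
    return out

if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    apply_keepalive(s, *keepalive_plan(ASSUMED_FW_IDLE_TIMEOUT))
    print(effective_keepalive(s))
    s.close()
```

On platforms without per-socket timers only `SO_KEEPALIVE` is set, and the system-wide keepalive defaults apply.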