tags:

views:

48

answers:

3
+2  Q: 

Do I have to consider firewalls while architecting n-tier applications?

While architecting any n-tier intranet applications, do I have to consider anything about firewalls in the organization? Are there any special considerations which needs to be proactively addressed or it could be an afterthought.

+2  A: 

If you're designing in a way that the firewalls will sit between your tiers, this is definitely a consideration.

That being said, it should just be a matter of configuring your firewall to allow communication between your services, but collaboration with the IT staff maintaining the hardware would be a good thing to do prior to implementation, instead of after implementation...

Reed Copsey  2010-03-05 17:37:35
It is more of a deployment concern rather than an architectural decision. Correct?
Anand Patel  2010-03-05 17:39:45
@Anand: Yes - but collaboration with your deployment team can help you make sure you're not going to be "fighting" with them later about configuration... There are often multiple options here, such as which protocols to use, etc.. They may have a (valid) concern over using different transmission protocols, for example.
Reed Copsey  2010-03-05 17:41:17
+1 to your comment. Thanks for the response.
Anand Patel  2010-03-05 17:45:35
+1  A: 

If you are crossing different subnets, then yes, you should consider the firewall, as maybe in the future a user would want to access the system remotely a la 'working from home' via VPN (Virtual Private Network - that would have the security aspect cut out as packets are encrypted over the WAN)...keep touching base with the IT Personnel who look after and maintain the firewall in order to minimize headaches later on which could be costly!

That is not to say, do it immediately, but somehow make it flexible enough for the system to work over the firewall in the near future...you'll get a nice bonus and make the bosses happy and above all, the user!

Hope this helps, Best regards, Tom.

tommieb75  2010-03-05 17:50:36
+1 for VPN thing.
Anand Patel  2010-03-05 17:55:58
A: 

Another consideration is that firewalls can do unintended 'clever' things like closing long-lived TCP connections.

Such issues tend to crop up very late in the build, as development and test environments rarely replicate the exact network configuration of the final environment.

So, yes, plan to test with as close to the 'real' configuration as soon as possible, including firewalls.

Andrew Strong  2010-03-08 12:41:01

related questions

What is the best architecture to bridge to XMPP?
How to expose a collection property?
How do you build a ratings implementation?
Alternative "architectural" approaches to javaScript client code?
Split data access class into reader and writer or combine them?
Guide to choosing between REST vs SOAP services?
Best architecture for handling file system changes?
Globalization architecture
How Did You Decide Between WISA and LAMP?
Best Blogs for Software Architecture
Experience documentation about Shared Nothing Architecture
Agile architectures
VS.NET Application Diagrams
Documenting program architecture
Books for software architect
How do you do system integration?
Design debate: what are good ways to store and manipulate versioned objects?
Passing more parameters in C function pointers
Send messages to program through command line
Interfaces on different logic layers
How to structure a java application, in other words: where do I put my classes?
Are there any negative reasons to use an N-Tier solution?
Linux - files and scripts that execute on boot
Good STL-like library for C.
Best way to allow plugins for a PHP application