To ensure that the security protection provided by the protocols and functions mentioned (SSL, IPSec, authentication and authorization) cannot be misused, additional security mechanisms are also necessary. For additional access protection and optimal security, we recommend using security zones to establish a secure network infrastructure for your complete landscape.
We recommend integrating the Portal Runtime for .NET into a strict DMZ (demilitarized zone) environment, which contains three firewalls and a reverse proxy:
· Place a reverse proxy in the DMZ. It redirects client requests to the portal, which resides in the Intranet behind the firewall.
· Place the portal in the next DMZ.
· Place the Portal Runtime for .NET server in the same DMZ with the portal server.
The following diagram shows the recommended system landscape setup using network zones:
For more information, see Using Multiple Network Zones in SAP NetWeaver Security Guide.