Dear all,
I would like to know if there is any reference or best-practices guide about how the network connections between the components involved in the ISVG-IM infrastructure (aka ISIM, TIM, enrole ;-D) should be done.
The newest versions of the products, in appliance form, come with 3 network interfaces (M1, M2 and P3) for management and services purposes, but nothing is said about which one to use for connecting ISIM with the infrastructure, i.e. LDAP (SDS), Database, IDI, adapters…
Moreover, at the same time, this question should be raised from each of those components' perspective.
Let me explain with an example:
- ISIM should use M1/M2 for connecting to the LDAP (SDS), to avoid any interaction with the traffic due to end users (ISC + admin console).
- SDS should connect with ISIM through its P3 interface, i.e. services, since the goal of this product is to provide LDAP services.
- Same for the ISIM-IDI connection: from M1/M2 to P3.
- Talking about adapters, the management interfaces of the managed resources should be used.
What is exposed above is just one approach, which results in a number of required firewall rules.
Although this topic is probably closer to a networking subject, I am sure it has been discussed by some of you before, and you can provide your point of view, or even a reference to be consulted.
Thanks in advance for your support.
------------------------------
Felipe Risalde Serrano
Security Expert
Banco de España
------------------------------
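As an added example (not code from the original post, nor from IBM's products), the segmentation approach sketched in the post can be written down as a small model: each component declares which appliance interface it originates infrastructure traffic on, which interface it accepts it on, and, for ISIM, which interface is reserved for end users (ISC + admin console). From a list of intended flows the script derives the allow rules the firewall would need and flags any flow that breaks the convention. Component names follow the post; the hostnames/IPs, the adapter host and all TCP ports are constructed assumptions for illustration only.

```python
# Added example (not code from the original post or from IBM's products): a
# model of the M1/M2 -> P3 segmentation approach proposed above, used to
# derive the implied firewall rule list and to flag flows that break it.
# IPs and TCP ports are constructed assumptions; real ports depend on the
# deployment.
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    ips: dict            # interface name (M1/M2/P3/...) -> address
    originates_on: str   # interface used to initiate infrastructure traffic
    accepts_on: str      # interface on which infrastructure traffic is accepted
    user_facing: str = ""  # interface reserved for end users, if any


@dataclass(frozen=True)
class Flow:
    src: str
    src_iface: str
    dst: str
    dst_iface: str
    proto: str
    port: int


def check_flow(components, flow):
    """Return the list of policy violations for one flow (empty if clean)."""
    src, dst = components[flow.src], components[flow.dst]
    problems = []
    if flow.src_iface != src.originates_on:
        problems.append(f"{flow.src} initiates on {flow.src_iface}, "
                        f"expected {src.originates_on}")
    if flow.dst_iface != dst.accepts_on:
        problems.append(f"{flow.dst} accepts on {flow.dst_iface}, "
                        f"expected {dst.accepts_on}")
    if dst.user_facing and flow.dst_iface == dst.user_facing:
        problems.append(f"infrastructure traffic lands on {flow.dst}'s "
                        f"user-facing interface {flow.dst_iface}")
    return problems


def firewall_rules(components, flows):
    """Translate the compliant flows into allow rules, one per flow."""
    rules = []
    for f in flows:
        if check_flow(components, f):
            continue  # non-compliant flows get no rule
        rules.append(f"allow {f.proto}/{f.port} "
                     f"{components[f.src].ips[f.src_iface]} -> "
                     f"{components[f.dst].ips[f.dst_iface]}  "
                     f"# {f.src}:{f.src_iface} -> {f.dst}:{f.dst_iface}")
    return rules


# Constructed sample topology following the post's proposal: callers leave on
# M1, providers listen on P3, ISIM's P3 stays reserved for ISC/admin console,
# and adapters are reached on the managed resource's management interface.
COMPONENTS = {
    "ISIM": Component("ISIM", {"M1": "10.0.1.10", "P3": "10.0.3.10"},
                      originates_on="M1", accepts_on="M1", user_facing="P3"),
    "SDS":  Component("SDS",  {"M1": "10.0.1.20", "P3": "10.0.3.20"},
                      originates_on="M1", accepts_on="P3"),
    "DB":   Component("DB",   {"M1": "10.0.1.30", "P3": "10.0.3.30"},
                      originates_on="M1", accepts_on="P3"),
    "IDI":  Component("IDI",  {"M1": "10.0.1.40", "P3": "10.0.3.40"},
                      originates_on="M1", accepts_on="P3"),
    "AD-adapter": Component("AD-adapter", {"MGMT": "10.0.9.50"},
                            originates_on="MGMT", accepts_on="MGMT"),
}

FLOWS = [
    Flow("ISIM", "M1", "SDS", "P3", "tcp", 636),            # LDAPS, assumed port
    Flow("ISIM", "M1", "DB",  "P3", "tcp", 50000),          # DB, assumed port
    Flow("ISIM", "M1", "IDI", "P3", "tcp", 1098),           # IDI, assumed port
    Flow("ISIM", "M1", "AD-adapter", "MGMT", "tcp", 45580), # adapter, assumed port
    Flow("SDS",  "P3", "ISIM", "P3", "tcp", 9443),          # deliberately wrong
]


def audit(components=COMPONENTS, flows=FLOWS):
    """Return (rules, violations) for a topology; violations keyed by flow."""
    violations = {f"{f.src}->{f.dst}": check_flow(components, f)
                  for f in flows if check_flow(components, f)}
    return firewall_rules(components, flows), violations


if __name__ == "__main__":
    rules, violations = audit()
    print("\n".join(rules))
    for key, problems in violations.items():
        print(f"VIOLATION {key}: {'; '.join(problems)}")
```

Running it prints four allow rules (one per intended flow) and one violation for the last, deliberately wrong flow, which would have SDS reach ISIM over the interface the post reserves for end users. Extending the flow list is how the rule count the post mentions becomes visible for a given approach.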