To Zone or not to Zone?

chris parkinson · ‎01-21-2013

Can anyone point me to any good documents that describe the benefits of deploying servers into Presentation, Application and Database zones, specifically within a trusted (non DMZ) environment.

Typically, in my experience, this kind of zoning is mandated by the security team, but when it isn't, what benefits does this type of zoning provide?

I'd appreciate any pointers.

Chris

rothomso · ‎02-01-2013

HI There,

Sounds like you are referring to Tiers in a Data Centre rather than zones (storage people might think you are asking about FC zoning).

Take a look at this document on DC Design

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_Infra2_5/DCInfra_1.html

As you say, Security is an important part of this model as well as HA and functional separation. In much the same way as we can logically collapse networking layers (core, agg, access), you could do the same with server tiers.

Multi-Tier Model

The multi-tier data center model is dominated by HTTP-based applications in a multi-tier approach. The multi-tier approach includes web, application, and database tiers of servers. Today, most web-based applications are built as multi-tier applications. The multi-tier model uses software that runs as separate processes on the same machine using interprocess communication (IPC), or on different machines with communications over the network. Typically, the following three tiers are used:

•Web-server

•Application

•Database

Hope that helps.