Auditing and proxying production deployment architecture
This production deployment environment shows an auditing and proxying architecture in PingAccess.
There are many considerations when deploying a production environment. For high availability and redundancy, the environment requires clustering and load-balancing. Load balancers are required as part of the networking infrastructure to achieve high availability by ensuring that requests are sent to available servers they are front-ending. Best practices in network design and security also include firewalls to ensure that only required ports and protocols are permitted across zones.
PingAccess can provide high availability and basic load balancing for the protected web apps in the protected zone. For more information, see Managing load balancing strategies. |
The following environment example is a recommended production quality deployment architecture for an auditing and proxying use case.
The following table describes the three zones within this proposed architecture.
Zone | Description |
---|---|
External Zone |
External network where incoming requests originate. |
DMZ |
Externally exposing segment where PingAccess is accessible to clients. A minimum of two PingAccess engine nodes will be deployed in the DMZ. Depending on your scalability requirements, you might require more nodes. |
Protected Zone |
Contains backend Sites audited and proxied through PingAccess. Audit results are sent to an audit repository or digested by reporting tools. Many types of audit repository tools are supported such as SIEM/GRC, Splunk, database, and flat files. |