
Why does ITS go in the DMZ?

Former Member
0 Kudos

Can anyone point me to a diagram or explain the path that your HTTP requests make when using EP, ITS and R/3?

From what I understood, your request goes from the EP to ITS and then to R/3 when you are using an IAC iview.

But how does the return trip go?

I thought that it was R/3, ITS, then Portal, and the resulting iview was embedded in a portal iview?

Thanks

Jeremy

Accepted Solutions (1)

Former Member
0 Kudos

If the R/3, ITS (wgate & agate) and EP are all behind the DMZ, why wouldn't that work, if it is just the EP communicating with ITS? Or is your browser communicating with ITS as well?

achim_hauck2
Active Contributor
0 Kudos

R3 and EP and ITS behind the dmz and accessing them from outside makes no sense and the dmz would be obsolete.

there should be at least one accessible application for the browser via http in the dmz (e.g.: http-server with iisproxy for ep, http-server with wgate, sap web dispatcher, etc.). it depends which components you want to access from outside.

kr, achim

0 Kudos

In my opinion, the most secure architecture should be:

- EP6, R/3 and Agate in Secure Zone; in this way you have (probably) no firewalls between EP J2EE server and DB. This could help performance, since data exchange between EP and DB is heavy.

- in DMZ, obviously, you put a reverse proxy (either IIS proxy or Apache for EP) and wgate for the ITS.

Cheers,

Alessandro.

Answers (3)

Former Member
0 Kudos

Dear Alessandro,

Could you let me know of a document, or if you know the answer to this? How heavy is the data flow between

a. wgate and agate

b. agate and r/3

c. browser and wgate?

How could you monitor this?

Jeremy

Former Member
0 Kudos

Hi Jeremy,

I don't know of a document, but can give you a rough estimate for your questions:

a) ?

b) max. 2-3 KB/sec (typically less, depending on a user's idle time)

c) +/- 5-10 KB/sec (it's all HTML pages transferred between browser and wgate, so there is definitely more overhead compared to DIAG)

You could use for monitoring any network tool of your choice, like Ethereal or a traffic monitor (try a google for tcp traffic monitor).

Hope this helps,

Dominik

ralph_resech
Explorer
0 Kudos

Hi Dominik, Jeremy,

for a) it's almost the same amount of data as for c) (minus the MIME files, which are cached by the browser and therefore getting less step by step) and for b) it's definitely less than for c).

Regards Ralph

Former Member
0 Kudos

I see now, does the ep redirect your browser to ITS?

0 Kudos

Yes Jeremy..

EP simply redirects you to ITS....

In my opinion (as Achim stated), the best way to implement the architecture you are thinking about is this:

        /-|-ITS (wgate)-|ITS (agate) R/3
Browser   |             |
        \-|Reverse Proxy|-- EP (J2EE)
OUTSIDE   |     DMZ     | SECURE ZONE

Hope this helps,

Alessandro.

achim_hauck2
Active Contributor
0 Kudos

jeremy,

that's the fact. i try to draw... ;-):


browser <---> ep <----> its <----> sap
         http     http       diag

what is the problem? do you use the ITS (wgate) in the DMZ to access the SAP system from outside & put the ep inside?


browser <--+--> its <--+--> sap
           |     ^     |
           |     ------+--> ep
           |           |
   outside |  DMZ      | inside 

kr, achim