Stop user session in DMZ
We currently use handheld bar code reader devices on our shop floor with ITSmobile to transact warehouse transactions against ECC.
We want to use these devices with external suppliers running our warehouses, with access over the internet. However, our company security policy does not allow any user session from external to the company (over the general internet) to pass through the DMZ / Firewalls and actually execute on a back end system inside the firewalls. . Our ECC system is all within the firewall. Hence, the ITSmobile transactions are not within the required security policy when used that way, running on our ECC NW (ITS) and executing an ECC transaction / service.
I read about having a stand-alone ITS server (Netweaver), and wondered it we could put that on a separate instance in the DMZ, and then could it call the ECC system via an RFC type of communication (AGate)? That would be allowed if the user session ended in the DMZ.
Has anyone every done anything like that, separating ITS from the actual back-end system? Does it work that way?
Or does anyone have any other suggestions for how we might re-architect the solution to meet our security requirements, without having to develop a new application to run in the DMZ and interact with the handheld devices.