My first DMZ scenario practice

the plan proposed the original intention : The external network needs the timing and the indefinite time pushes the data to the intranet server (only requests the data arrives the intranet, does not require the direct connection to the intranet)

Why not connect directly to the intranet : Everyone's first thought is unsafe, yes, yes, it's not safe. The most obvious difference between the application of intranet and the application of external network is the traffic load, although the anti-malware attack strategy should be configured, but the application of intranet will not consider so many security policies as the application of the extranet. So the security here, including the security of anti-theft data, malicious attacks and left the back door to hacker and other factors. (I think that's all)

So, dedicated to leave a network can access the machine A, the external network to push the data to machine A, and then the application of the Intranet B to machine a pull data.

How to pull data?

There are two ways of doing this:

First, timed to machine a pull, shortcomings have delay, if every 20 minutes to take data, the longest delay of 20 minutes. If the external network pushes the original delay push, then the data state actually produces the time to reach the final consumer of the data, the delay is longer.

Second, listen to machine A, and pull over when there is data available on machine A. (This is the solution I'm using)

Listening machine A How to listen?

First, you can write a program yourself, establish a request connection, machine A to keep the connection request does not respond immediately, wait until there is a message available on machine A, and then respond. (equivalent to what we often say in HTTP long connection)

Second, using the Reveive method of MSMQ, the method itself implements such a mechanism that receive returns a message when there is a message available in MSMQ. There is a need to establish a dedicated message queue.

How do push messages reach data consumer C?

Listen to machine A is the service of the availability of messages, we are called "Data forwarding Service B", the forwarding service can be deployed independently, or can be deployed in consumer c.

I initially deployed the forwarding service on IIS and set the application pool to not be recycled, that is, "fixed interval" is set to 0, "limit timeout" is set to 0, but after a few hours, the forwarding service will still "rest", need to access a page of this site, so that the service "wake up." Service is not dead, just may be idle, be recycled. Specific reasons to hope that the master weapon.

The forwarding service was later configured to the Windows service so that there was no problem with the application pool being recycled.

Data consumer C needs to expose a service that accepts "push data", and the forwarding service transfers the data from the pull to the service.

Such a complete process I realized, is currently operating normally, but I do not know what potential problems? Hope Master weapon.

In the above narrative, machine A is in the DMZ.

Alternative scenarios:

Since the push data through the two intermediate machines, machine A and the forwarding service in the machine, if one day can not be used, let data consumer B temporarily unsolicited unsolicited external network API to obtain data, so that consumer B is a pressure, so it is not recommended to use.

episode, because of the late to do a proactive request outside the Network API backup scheme, on-line test, did not take into account the generation environment of the database has tens of thousands of historical data , resulting in a system exception sent tens of thousands of abnormal mail. Therefore, the penalty is added in cash.

My first DMZ scenario practice