Security Zones
From a security perspective all related components can be deployed in a workgroup or a domain.
When talking about security zones then the components should be put as followed:
- DMZ
- VCC Gateway(s)
- VSPC Web UI
- MGMT
- VCC Server
- VSPC Server
- DATABASE
- SQL Server
The following diagram represents an example of the different security zones (VCC not shown here):
You can put one of the following services in front of the VSPC Web UI:
- Web Application Firewall (WAF)
- Reverse Proxy Server
- Load Balancer (LB)
This can provide additional advantages:
- Sits between external clients and the VSPC Web UI server, preventing anyone from directly accessing the web server
- less exposure of the internal infrastructure
- SSL offloading