So far we have mostly talked about hosting our own applications on the internet. Now let's turn to URLs and applications that belong to other organizations and are hosted on the internet, in simple terms "Google" or any other site on the internet that our users and employees want to access. Let's look at how our employees reach internet-based partner websites, portals, or anything else on the internet. Note that this architecture also applies to any internal application connecting to an external partner website, such as an API connection or a web-services call. Some principles to note:
The connection should always be routed via a DMZ staging server or gateway.
The connection should always be TLS-based; a plain, unencrypted connection is not acceptable.
For users connecting to the internet, traffic should always pass through a web gateway that is responsible for content filtering: it allows only legitimate websites, and it may have built-in categories (social media, porn, job sites, etc.) on which it bases the decision to allow or block the user's access to a site.
On the web gateway, the admin can set up policies for different departments and groups, so that only specific groups have access to specific websites.
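The four principles above describe the decision a web gateway makes for every outbound request: drop anything that did not arrive via the gateway, reject non-TLS connections, classify the destination into a category, and then apply a per-group allowlist of categories. The following is an added example, not code from the original article or from any particular gateway product; it implements that decision logic as a small policy evaluator in Python. The category database, the group policies and the sample requests are all constructed for illustration, and the hostnames are placeholders rather than real sites.

```python
"""Toy outbound web-gateway policy evaluator (added example, not from the original article).

Models the principles in the text: outbound traffic must arrive through the
DMZ gateway, must use TLS, is classified by URL category, and is then checked
against a per-group allowlist of categories. Unknown destinations are denied
(allowlist posture), which is the safer default for an egress gateway.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed category database: hostname -> category (a real gateway would
# consult a vendor feed; these entries and hostnames are illustrative only).
CATEGORY_DB = {
    "partner.example.com": "business-partner",
    "api.partner.example.com": "business-partner",
    "jobs.example.org": "job-sites",
    "social.example.net": "social-media",
    "docs.example.com": "reference",
}

# Constructed per-group policy: which categories each group may reach.
GROUP_POLICY = {
    "finance": {"business-partner", "reference"},
    "hr": {"business-partner", "reference", "job-sites"},
    "marketing": {"business-partner", "reference", "social-media"},
}

# Categories blocked for everyone regardless of group membership.
ALWAYS_BLOCKED = {"adult", "malware"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str  # short machine-readable reason, suitable for gateway logs


def categorize(hostname: str) -> str:
    """Look up the destination's category; anything unknown is 'uncategorized'."""
    return CATEGORY_DB.get(hostname.lower(), "uncategorized")


def evaluate(user: str, groups: list, url: str, via_gateway: bool = True) -> Decision:
    """Decide whether `user` (member of `groups`) may reach `url`."""
    # Principle 1: connections that bypass the DMZ gateway are not evaluated at all.
    if not via_gateway:
        return Decision(False, "direct-egress")

    parts = urlsplit(url)
    # Principle 2: only TLS connections are permitted.
    if parts.scheme != "https":
        return Decision(False, "plaintext")

    host = parts.hostname or ""
    if not host:
        return Decision(False, "no-host")

    # Principle 3: category-based filtering with a global block list.
    category = categorize(host)
    if category in ALWAYS_BLOCKED:
        return Decision(False, f"category:{category}")

    # Principle 4: group-based policy; a user inherits the union of their groups.
    allowed_categories = set().union(*(GROUP_POLICY.get(g, set()) for g in groups))
    if category in allowed_categories:
        return Decision(True, f"group-allow:{category}")
    return Decision(False, f"group-deny:{category}")


def audit_line(user: str, url: str, decision: Decision) -> str:
    """Render a log line in the form a gateway might forward to a SIEM."""
    verdict = "ALLOW" if decision.allowed else "BLOCK"
    return f"user={user} url={url} verdict={verdict} reason={decision.reason}"


if __name__ == "__main__":
    # Constructed sample requests exercising each principle.
    samples = [
        ("alice", ["finance"], "https://partner.example.com/invoices", True),
        ("alice", ["finance"], "http://partner.example.com/invoices", True),
        ("bob", ["hr"], "https://jobs.example.org/openings", True),
        ("alice", ["finance"], "https://jobs.example.org/openings", True),
        ("carol", ["marketing"], "https://api.partner.example.com:8443/v1", True),
        ("dave", [], "https://unknown.example.test/", True),
        ("alice", ["finance"], "https://partner.example.com/x", False),
    ]
    for user, groups, url, via in samples:
        print(audit_line(user, url, evaluate(user, groups, url, via_gateway=via)))
```

The `reason` string is deliberately stable and machine-readable so that blocked requests can be counted per reason in the gateway's logs; a sudden rise in `plaintext` or `direct-egress` verdicts is exactly the kind of signal a SOC would want to alert on.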