Open Source Technology: A cost-saving option
Firewall gateway requirements
There were three main servers on which the TCMS (Transaction Control and Management server) was based, namely:
They are critical to the smooth running of a digital mall. The TCMS application runs on the Microsoft .NET Framework, so the most appropriate server platform was Windows 2008 servers, yet the servers had to be available for on-site client software connections as well as remote-site client software connections. The remote connection of the client software is primarily over the World Wide Web, hence the need for the servers to be protected with a firewall. The client TCMS software was designed to connect to the three services (AFIS, Database and Web services) on a single host server, i.e. the same hostname/IP address, yet each of the three was running on separate physical hardware. Likewise, the enterprise network requires the different sets of servers in all locations to bear the same network address. Resolving this scenario involves: firewall, NAT, port forwarding, VPN, IDS and redundancy/failover.
The solutions that quickly come to mind are:
Among all these solutions, Cisco PIX owns the largest market share. With Linux we were able to put up a formidable firewall gateway with an effective perimeter fence, yet legitimate connections were made easy and straightforward, even for a regular Windows server administrator. Each server was made available from behind the firewall for easy administration and network service. Above all, the server administrators do not need to travel any distance to have adequate desktop access to the corresponding servers for routine maintenance, emergency maintenance, administration and monitoring. The firewall gateway itself has an intuitive web administration interface, which makes it easy for a non-hard-core network administrator to manage such firewalls. In addition, inexpensive x86 hardware performs extremely well, and at a fraction of the price of alternative and traditional hardware firewall gear/applications. Each firewall gateway served as the VPN endpoint for its network location, and it was possible to have all servers on a private network. It was also possible for remote and mobile users and administrators to connect effectively to the TCMS application.
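The single-address requirement described above (three services on one hostname/IP, each on separate hardware) maps to destination NAT on the Linux gateway. The following is an added example, not taken from the white paper or its deployment: the use of iptables, the interface name, all addresses and all ports are constructed assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules publishing three back-end
# servers behind one public address. All addresses and ports are constructed.
PUBLIC_IP="203.0.113.10"   # assumed public address (documentation range)
WAN_IF="eth0"              # assumed Internet-facing interface

# Columns: name proto public_port internal_ip (assumed values, not from the paper)
SERVICES="afis tcp 8443 10.0.0.11
database tcp 1433 10.0.0.12
web tcp 443 10.0.0.13"

NL='
'

# gen_rules TABLE: emit a default-drop FORWARD policy plus one DNAT and one
# FORWARD rule per service. Returns 1 on an invalid port or a reused public
# port: with a single address, the port alone selects the back-end server.
gen_rules() {
    seen=" "
    out="iptables -P FORWARD DROP${NL}"
    out="${out}iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT${NL}"
    while read -r name proto port ip; do
        [ -n "$name" ] || continue
        case "$port" in
            ''|*[!0-9]*) echo "invalid port for $name" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range for $name" >&2; return 1
        fi
        case "$seen" in
            *" $proto/$port "*) echo "port $proto/$port reused by $name" >&2; return 1 ;;
        esac
        seen="${seen}$proto/$port "
        out="${out}iptables -t nat -A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p $proto --dport $port -j DNAT --to-destination $ip:$port${NL}"
        out="${out}iptables -A FORWARD -i $WAN_IF -d $ip -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT${NL}"
    done <<EOF
$1
EOF
    printf '%s' "$out"
}

gen_rules "$SERVICES"
```

The script only prints the rules so they can be reviewed before being applied; anything not listed in the service table stays unreachable from the WAN side because of the default-drop FORWARD policy.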
NB: This white paper was made with open source software-based applications.
Namely: