
Chapter 2. Access Manager Web-based architecture 55
Figure 2-14 WebSEAL placement guidelines
Junctioned Web servers
In a WebSEAL configuration, it is recommended that junctioned Web servers not
reside in an Internet DMZ. While WebSEAL does not restrict Web server
placement in any way, the further away one can move critical resources from
uncontrolled zones, the better.
Ideally, Web servers should be in a special, restricted zone, but could also be
placed in a more open, yet trusted, network zone if appropriate configuration
steps are taken (such as utilizing SSL for communication with WebSEAL and
configuring the Web server so that it will only ...