Chapter 7. Access control in a distributed environment 157
WebSEAL junctions
WebSEAL junctions may be cross-site (that is, WebSEAL servers in San Diego
may be junctioned to back-end Web servers in Savannah and vice versa). This is
not a problem as long as the cross-site communication between WebSEAL and
the junctions is appropriately secured.
For external (Internet-facing) WebSEAL servers, there is another issue that must
be addressed when junctioning cross-site; that is, an appropriate network
configuration must be created to permit them to pass traffic from their respective
DMZs into the production network at the remote site. This obviously is a more
complex network scenario than the local site case. We will discuss some of these
network ...