Let's assume that you have three different nodes for different types of workload:
Those nodes could be exposed (or not exposed) to the external network. Now, you may wonder how SF ensures that communication is handled in a secure manner. In fact, there are two possibilities:
- Certificate security: In such a scenario, a client (node) attaches credentials to each request and signs a message with the private key
- Windows security: Based on the Kerberos protocol
The final solution depends on your actual needs.