MOVEit DMZ supports running in a tiered architecture, commonly called a web farm. In this architecture, the application nodes are generally separated from the support nodes, such as database and filesystem servers, and any number of application nodes can be present in the farm. Additional nodes can be easily added if necessary, and if any one application node fails, the others continue to run, providing resilient access to the application. A load balancer provides access to the application nodes, and directs requests to each node, skipping any nodes that are not operational.
A MOVEit DMZ web farm requires the following components:
Each application node is a server containing a licensed copy of the MOVEit DMZ software. Each node is automatically assigned a node number when it is added to the farm, starting with node 1 when the farm is created. The nodes run independently of each other, having only minimal contact through node status and auditing records in the database that are constantly updated while each node is active. However, each node accesses the same database and filesystem as all the others.
The database server should be a separate server from the application nodes and, in the most secure architectures, on a separate network from the application nodes with access controlled by a firewall. For increased reliability, a database cluster may be used, as long as the cluster is available to the application nodes via a single IP address.
The fileserver should be a separate server from the application nodes and, in the most secure architectures, on a separate firewalled network from the application nodes. For smaller farms, the fileserver and database server may be the same system, though for maximum performance and reliability, they should be separate. Using a fileserver cluster increases reliability of the farm, as long as the cluster is available to the application nodes via a single IP address.
The load balancer provides a single access point through which external connections reach the application nodes. It should be capable of monitoring the health and connectivity of the application nodes, so that a failed node is removed from the list of servers to which the load balancer forwards connections. It should also be capable of forwarding subsequent connections from a client to the same application node once a session has been established. This is especially important when using non-HTTP services such as FTP and SFTP.
MOVEit DMZ web farms can be used with hardware load balancers from companies like Cisco and F5, or the Windows Network Load Balancing service from Microsoft.
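The two load balancer behaviours described above, health-based removal of failed nodes and per-client session persistence, modelled in Python as an added example (not MOVEit DMZ or load balancer vendor code). The node names, client addresses, the use of the client IP as the affinity key and the three-probe failure threshold are assumptions.

```python
# Added illustration of the load balancer requirements in the text.
# Node names, client IPs and the failure threshold are constructed values.
from itertools import count


class FarmBalancer:
    def __init__(self, nodes, fail_threshold=3):
        self.nodes = list(nodes)
        self.fail_threshold = fail_threshold
        self.failures = {n: 0 for n in self.nodes}  # consecutive failed probes
        self.affinity = {}                          # client IP -> assigned node
        self._rr = count()                          # round-robin cursor

    def healthy(self):
        """Nodes that have not reached the failure threshold."""
        return [n for n in self.nodes if self.failures[n] < self.fail_threshold]

    def record_probe(self, node, ok):
        """Record one health-check result; a success resets the counter."""
        self.failures[node] = 0 if ok else self.failures[node] + 1
        if self.failures[node] >= self.fail_threshold:
            # Node is out of rotation: forget sessions pinned to it.
            self.affinity = {c: n for c, n in self.affinity.items() if n != node}

    def route(self, client_ip):
        """Pick the node for a new connection, keeping a client on its node."""
        pool = self.healthy()
        if not pool:
            raise RuntimeError("no operational application nodes")
        node = self.affinity.get(client_ip)
        if node not in pool:
            node = pool[next(self._rr) % len(pool)]
            self.affinity[client_ip] = node
        return node


def demo():
    lb = FarmBalancer(["node1", "node2", "node3"])
    first = lb.route("198.51.100.10")    # e.g. an FTP control connection
    second = lb.route("198.51.100.10")   # follow-up connection, same client
    other = lb.route("198.51.100.20")    # a different client
    for _ in range(3):                   # three failed probes take the node out
        lb.record_probe(first, ok=False)
    after = lb.route("198.51.100.10")    # client is re-pinned to a healthy node
    return first, second, other, after, lb.healthy()


if __name__ == "__main__":
    print(demo())
```

A client that is moved after a node failure has to re-establish its FTP or SFTP session with the new node, since the connection itself ended with the failed node.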