A MOVEit DMZ webfarm uses a tiered architecture, separating the database and file store segments from the MOVEit DMZ application servers. In this way, MOVEit DMZ application servers can be added to the farm at will, increasing the farm's capacity to handle web requests. Additionally, the database and file store servers can be upgraded independently to handle increased load, or clustered to provide even more performance and reliability.
Below are examples of possible MOVEit DMZ webfarm architectures. Each architecture has shared features, such as a load balancer to distribute requests to the MOVEit DMZ nodes, and a separate internal network for connecting the MOVEit DMZ nodes to the database and file store servers. Differences include whether a firewall is used to protect the database and file store servers from the MOVEit DMZ nodes, and whether the database and file store servers are clustered.
This is an example of a simple tiered MOVEit DMZ webfarm. A load balancer distributes requests to the individual MOVEit DMZ nodes, each of which connects via a separate internal network to the database and file store servers.
In this example, a firewall separates the database and file store servers from the MOVEit DMZ nodes. As the servers in the farm most exposed to the internet, the MOVEit DMZ nodes are the most susceptible to attack and compromise. The firewall helps guard against further penetration into the more vital internal servers in the unlikely event that one of the MOVEit DMZ nodes is compromised.
In this example, the database and file store servers are clustered, providing increased reliability and performance. Each cluster appears as a single server to the MOVEit DMZ nodes, but is able to tolerate hardware failures that would cause the entire webfarm to fail in an unclustered farm.
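For the firewalled architecture described above, the following added example (not from the MOVEit documentation) audits the allow rules on the firewall between the MOVEit DMZ nodes and the internal servers, flagging any rule wider than the node-to-database and node-to-file-store paths. The addresses, the SQL Server and SMB ports, and the rule format are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing and ports (constructed for illustration, not from the MOVEit documentation).
NODES = ipaddress.ip_network("10.10.1.0/28")      # MOVEit DMZ nodes on the internal network
BACKENDS = {
    ipaddress.ip_address("10.10.2.10"): {1433},   # database server (assumes SQL Server)
    ipaddress.ip_address("10.10.2.20"): {445},    # file store server (assumes an SMB share)
}

def audit(rules):
    """Return (rule name, finding) pairs for allow rules wider than the tiered design needs."""
    findings = []
    for name, src, dst, ports in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Only the MOVEit DMZ nodes should be able to open connections to the internal tier.
        if not src_net.subnet_of(NODES):
            findings.append((name, "source is not limited to the MOVEit DMZ nodes"))
        # Each rule should name exactly one internal server, not a whole subnet.
        hosts = [h for h in BACKENDS if h in dst_net]
        if dst_net.num_addresses != 1 or not hosts:
            findings.append((name, "destination is not a single database or file store server"))
            continue
        # Only the service that server provides should be reachable.
        extra = set(ports) - BACKENDS[hosts[0]]
        if extra:
            findings.append((name, f"unneeded ports allowed: {sorted(extra)}"))
    return findings

# Constructed allow rules; everything not listed is assumed to be denied by default.
SAMPLE_RULES = [
    ("nodes-to-db", "10.10.1.0/28", "10.10.2.10/32", [1433]),
    ("nodes-to-files", "10.10.1.0/28", "10.10.2.20/32", [445]),
    ("legacy-admin", "10.10.1.0/28", "10.10.2.10/32", [1433, 3389]),
    ("any-to-tier", "0.0.0.0/0", "10.10.2.0/24", [445]),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

The first two rules pass; the other two are reported because they would leave a compromised node, or any other source, more reach into the internal tier than the farm requires.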