ZXTM Network Planning

There are several ways in which the ZXTM appliance can be deployed in your network. Here, three different scenarios are shown, starting from a basic network layout and then showing how ZXTM can be configured as a secure gateway between your public network and private internal servers.

Scenario 1: Simple network

This example network setup demonstrates how a single ZXTM can be placed into an existing network to handle traffic for a web site. In this single-network setup, the ZXTM traffic IPs, the management port and the back-end nodes (the web servers) are all running on a publicly addressable network (represented with ‘xx.xx.xx’ in the diagram, with a netmask of 255.255.255.0).

In the example below, ZXTM has been configured so that its management port has the IP address xx.xx.xx.50, and it is using a single network port, IP xx.xx.xx.3, for receiving work traffic. Before ZXTM was in place, clients connecting to the website www.example.com would be sent, via the gateway, to one of the web servers (e.g. xx.xx.xx.20). Once ZXTM is installed, the DNS can be changed so that www.example.com now gets directed to xx.xx.xx.50 and ZXTM receives the web page requests.

Single network configuration of ZXTM

Scenario 2: Public/Private networks

This configuration splits the layout into public and private networks. This offers greater security, because the private network hides the internal back-end services from the outside world. Access is only permitted through ZXTM. Using more appliance network interfaces also gives higher performance as there is greater bandwidth capacity.

The example shows the gateway and ZXTM’s front-end (eth1) interface being configured with publicly routable IP addresses (the xx.xx.xx network, netmask 255.255.255.0). The back-end interface (eth2) is configured to be on the internal network (10.100, netmask 255.255.0.0). Finally, the management port of ZXTM is run on an entirely different network, which restricts control of ZXTM to the secure network.

Public/private network configuration of ZXTM

Scenario 3: Multiple ZXTM appliances

This is identical to the previous scenario, except that this time there is a cluster of two ZXTMs. When using a cluster in fault-tolerant mode, ZXTM makes use of ‘traffic IP addresses’. These are additional IP addresses that are distributed across the front-end network interfaces. They can move from appliance to appliance, ensuring that services continue to run even if one or more ZXTMs have failed. Traffic IP addresses are managed through the web-based GUI of ZXTM, and are set up after the initial low-level networking is complete. Please see the full user guide for more information.

Public/private network configuration of a ZXTM cluster

Ben [Zeus Dev Team] 22 July 2005  Permalink  
Leave a comment ...
Your email address will not be displayed.
Your URL will be displayed.
This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.
Options:
 
(Line breaks become <br />)
(Set cookies for name, email & url)
Download Free ZXTM Desktop Edition

Recent Articles

Other Resources



www.zeus.com

powered by
b2evolution
About this site. The ZXTM KnowledgeHub service is provided without warranty, and articles and comments may not reflect the views of Zeus Technology. For technical support queries, please contact Zeus Technical Support. Disclaimer and Privacy statement.