Network Consideration
This is one of the topics that describes the architecture of the STEP solution. The full list is defined in the STEP Architecture topic.
Barriers set up for security reasons that are not aligned with the STEP system requirements can result in a non-functional system or a very poorly performing one. While STEP is not particularly demanding, the following rules must be observed for the system to work properly.
Network Boundaries and Firewalls
Several distinct network realms are involved in the STEP system. It is assumed that firewalls only exist at the boundaries between the networks, so network traffic is only defined at those boundaries.
As the architecture diagram hints, most application traffic is plain HTTP on port 80 from the workbench, web browsers, and other clients directly to the application servers. There are other requirements for network connectivity that depend on the particular configuration of the system. Examples of such connection requirements are:
- Incoming SSH or RDP (depending on system platform) to allow administrators to manage the systems in the cluster.
- Incoming FTP for file upload if hotfolders are used.
- Outgoing HTTPS to the Stibo Systems update server, so new software can be downloaded.
- Outgoing HTTP on a configurable port to the DTP sidecar.
- File exchange with the AS2 gateway if 1SYNC integration is used.
Important: The exact configuration of the network boundaries can only be determined after the specific features needed on a particular system are known.
Contact Stibo Systems to determine the latest port requirements.
Intra-Cluster Network: One Switch, One VLAN
The application servers access the database using JDBC connections. The communication is a combination of small requests and larger batches that can take hours to process. The process of sending a lot of small requests will be very sensitive to latency in the network, while timeouts may kill the large batch jobs. Therefore, any latency, TCP timeouts, or incorrect configuration in the intra-cluster network can severely impact performance, stability, and functionality of the system, and additionally can be difficult to detect and debug. Generally, it is important to keep the network that binds the cluster together as simple as possible. The application servers and the database servers must all be located on the same switch with no filtering or routing between them.
In a standard implementation, it is assumed that no firewalls exist between the application server(s) and the database server.
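The boundary rules listed above and the "no filtering inside the cluster" requirement can be checked before a firewall change goes live. The following is an added example (not Stibo Systems tooling): it models the network realms as zones, assumes default ports for SSH (22), FTP (21) and HTTPS (443), assumes deny takes precedence over allow regardless of order, and uses constructed sample rulesets, including a constructed database port of 1521.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_zone: str   # network realm the traffic originates in
    dst_zone: str   # network realm it is destined for
    port: int       # TCP destination port
    action: str     # "allow" or "deny"

# Flows the page lists; default ports assumed (HTTP 80, SSH 22, FTP 21, HTTPS 443).
REQUIRED_FLOWS = [
    ("clients", "cluster", 80),    # workbench, browsers, other clients -> app servers
    ("mgmt", "cluster", 22),       # incoming SSH for administrators
    ("clients", "cluster", 21),    # incoming FTP for hotfolder uploads
    ("cluster", "internet", 443),  # outgoing HTTPS to the update server
]

def check_boundary_policy(rules, required=REQUIRED_FLOWS):
    """Return findings; an empty list means the ruleset matches the page's requirements.
    Deny is assumed to take precedence over allow regardless of rule order."""
    findings = []
    # 1. The intra-cluster network (app servers <-> database, JDBC) must carry no filtering.
    for r in rules:
        if r.src_zone == "cluster" and r.dst_zone == "cluster":
            findings.append(f"intra-cluster rule on port {r.port}: no filtering allowed inside the cluster")
    # 2. Each required boundary flow must be allowed and not denied.
    for src, dst, port in required:
        hits = [r for r in rules if (r.src_zone, r.dst_zone, r.port) == (src, dst, port)]
        if any(r.action == "deny" for r in hits):
            findings.append(f"required flow {src}->{dst}:{port} is denied")
        elif not any(r.action == "allow" for r in hits):
            findings.append(f"required flow {src}->{dst}:{port} has no allow rule")
    return findings

# Constructed sample rulesets (not from the page).
GOOD_RULES = [Rule(s, d, p, "allow") for s, d, p in REQUIRED_FLOWS]
BAD_RULES = [
    Rule("clients", "cluster", 80, "allow"),
    Rule("mgmt", "cluster", 22, "allow"),
    Rule("clients", "cluster", 21, "allow"),
    Rule("cluster", "internet", 443, "deny"),   # blocks software updates
    Rule("cluster", "cluster", 1521, "deny"),   # 1521: constructed sample database port
]

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(name, check_boundary_policy(rules) or "OK")
```

Flows such as the DTP sidecar port or the AS2 gateway exchange are added to REQUIRED_FLOWS once the features in use on a particular system are known.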
Redundancy in the Network Infrastructure
The principle that simple components are less prone to failure than complex ones is important when implementing network infrastructure. For example, the network switch is not expected to fail very often, and if it does, it can be swapped out. If the network infrastructure needs to be made redundant, the standard tools (such as STP or OSPF with multiple NICs in each server) are needed. For more information, search the web.