On Sun, Sep 23, 2012 at 10:13 PM, Kevin Fenzi
<kevin@scrye.com> wrote:
Awesome. :)
Just a few minor nitpicks:
- I'd just say we should remove any mention of pix firewalls or nat in
the diagrams. In phx2 we are behind a firewall setup, but all our
other sites are just directly on the net, and we don't control or
have any knowledge of the phx2 firewall stuff anyhow. ;)
fixed. its just "Firewall" now at one place and removed second one from fig.
- Might make the vpn lines bi directional. For app servers and such
data travels back and forth both ways over the vpn for requests.
point noted....done
- "Authorization can be done at Proxy Server though it should be done at
application level for security reasons" Depending on what auth you
mean here, it should always be done at the application level... when
someone logs into FAS it is a request: proxy->fasserver and then they
have a cookie that lasts for X minutes to authenticate against the
various FAS using applications. Nothing should really auth on the
proxy directly that I can think of...
this information I just copied from old fig and moved to description......removed it from description and flow chart updated.
- For the 'data layer' in the last diagram, might note that that is
mostly database servers. I guess in the case of the wiki it's also
nfs storage (for attachements).
Fig just mentioned "data layer" but no information about it like "proxy layer" cloud in that fig......updated fig....done! I guess :)
thanks & regards,
Overall this looks great!
Thanks again for working on it.
kevin
_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure