NFRs

Description

Availability

Availability may be negatively impacted as the firewall becomes a single point of failure (standard procedure is for a firewall to 'fail closed', that is, in the event of a failure it will deny all connections to the protected systems).

Performance

There is a potential negative impact on performance due to the overhead of network traffic filtering and the necessity for physical separation between the web servers and the application servers as defined in dedicated Web and application servers (although splitting the servers may actually improve performance).

Scalability

The scalability of the underlying application is not affected. However, additional elements (such as filtering routers and firewall software) must be able to scale to the desired number of users and concurrent connections.

Security

Security is improved because fewer systems are exposed to attack and multiple firewall artifacts must be breached to compromise security.

Manageability

Manageability is negatively impacted by the very restrictions that limit access to internal data and may make it difficult to access the application from an internal monitor.

Maintainability

Not affected.

Flexibility

Not affected.

Portability

Not affected.

Cost

Cost is increased as extra elements must be procured to build the DMZ. These include not only the filtering routers, firewall software, and firewall host but also the additional network equipment, such as switches and cabling, used in the DMZ itself.