This describes the impact of the DMZ solution pattern on non-functional requirements (NFRs).
| NFRs | Description |
| --- | --- |
| Availability | Availability may be negatively impacted as the firewall becomes a single point of failure (standard procedure is for a firewall to 'fail closed', that is, in the event of a failure it will deny all connections to the protected systems). |
| Performance | There is a potential negative impact on performance due to the overhead of network traffic filtering and the necessity for physical separation between the web servers and the application servers as defined in dedicated Web and application servers (although splitting the servers may actually improve performance). |
| Scalability | The scalability of the underlying application is not affected. However, additional elements (such as filtering routers and firewall software) must be able to scale to the desired number of users and concurrent connections. |
| Security | Security is improved because fewer systems are exposed to attack and multiple firewall artifacts must be breached to compromise security. |
| Manageability | Manageability is negatively impacted by the very restrictions that limit access to internal data and may make it difficult to access the application from an internal monitor. |
| Maintainability | Not affected. |
| Flexibility | Not affected. |
| Portability | Not affected. |
| Cost | Cost is increased as extra elements must be procured to build the DMZ. These include not only the filtering routers, firewall software, and firewall host but also the additional network equipment, such as switches and cabling, used in the DMZ itself. |