Web-Tier Deployments

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2Show Document
  • View in full screen mode

A web tier is a platform for installing and deploying web applications, such as the Self-Service Console. The web-tier server is typically installed in the DMZ, but you can also install it inside a firewall. Deploying web tiers is useful for segregating unfiltered HTTP traffic outside of the network, typically to the DMZ.

The deployment can have up to 16 web tiers.

When adding a web tier deployment, you generate a web-tier deployment package on the primary instance. Each web-tier deployment also has a record in the database, which you can maintain using the Operations Console on the primary instance. The web-tier deployment record includes the hostname of the web-tier server, the hostname of the preferred instance, and the port numbers for communicating with the web-tier server, the preferred instance, and the load balancer.

You secure communications between the web-tier deployment, client machine, and the primary or replica instance by managing certificates and key material.

RSA recommends that you use a load balancer. The load balancer acts as the virtual host, allowing a single entry point to the DMZ. The load balancer manages authentication requests between the primary and replica web tiers.

When you generate a web-tier deployment package, the system generates an SSL certificate for the virtual host. You can either use this certificate or replace it with a different certificate after you install the web tier.

For a summary of the tasks required to set up and install a new web-tier deployment, see “Installing Web Tiers” in the Setup and Configuration Guide.