NC Department of Environment and Natural Resources
Information Technology Services (ITS) - Conceptual System Design
Information Technology Services (ITS)
Conceptual System Design
OverviewThis conceptual design separates each system function onto its own server, which allows the placement of more sensitive functions and servers in increasingly more secure network segments. It also allow for each function to be performed by a specialized server, each of which are sized, configured, tuned, managed, and administered specifically for its distinct function. SecurityThe outer perimeter firewall (Firewall 1) separates the public Internet from the DENR network. Firewall 2 separates the DMZ from the internal network. Firewall 3 separates the internal network from the hardened internal network. This design provides enhanced security by narrowing the attack surface at each successively higher-risk network segment. AuthenticationAuthentication is provided by the existing DENR enterprise authentication server. When the application server requires authorization for a user, the browser is redirected to the authentication server. After the user authenticates successfully, the browser is then redirected back to the application server. NCIDThe authentication server interfaces with the NCID Access Management service. After successful authentication, the application server uses NCID Web services to obtain the user's NCID information, and create the user's account on the Portal, if necessary.
|
