On Sun, Sep 23, 2012 at 10:13 PM, Kevin Fenzi kevin@scrye.com wrote:
On Sun, 23 Sep 2012 21:44:19 +0530 vipin kumar vipinkumar41@gmail.com wrote:
Hi Team, The page is almost ready for reviews and feedback. Please have a look at following page and provide feedback.
Awesome. :)
Just a few minor nitpicks:
- I'd just say we should remove any mention of pix firewalls or nat in the diagrams. In phx2 we are behind a firewall setup, but all our other sites are just directly on the net, and we don't control or have any knowledge of the phx2 firewall stuff anyhow. ;)
fixed. its just "Firewall" now at one place and removed second one from fig.
- Might make the vpn lines bi directional. For app servers and such data travels back and forth both ways over the vpn for requests.
point noted....done
- "Authorization can be done at Proxy Server though it should be done at application level for security reasons" Depending on what auth you mean here, it should always be done at the application level... when someone logs into FAS it is a request: proxy->fasserver and then they have a cookie that lasts for X minutes to authenticate against the various FAS using applications. Nothing should really auth on the proxy directly that I can think of...
this information I just copied from old fig and moved to description......removed it from description and flow chart updated.
- For the 'data layer' in the last diagram, might note that that is mostly database servers. I guess in the case of the wiki it's also nfs storage (for attachements).
Fig just mentioned "data layer" but no information about it like "proxy layer" cloud in that fig......updated fig....done! I guess :)
thanks & regards,
Overall this looks great!
Thanks again for working on it.
kevin
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure