
The modern network architecture theory behind edge system architecture is that some information computing tasks in the network should not be performed by the central computing systems. These tasks should instead be performed by systems on the periphery (or the edge) of the network. These periphery systems are the focus of edge system architecture. They are designed to protect the central, business-critical core systems.
As an example:
One of the most important systems on any network is the central business database. Accounting, customer service, operations, management and every other internal business department need to access some portion of this system. In our example, other business systems depend on the central business database and will fail if it becomes unavailable.
Protecting this data is a key factor if the business is to keep the system running. Edge systems are placed around these types of business-critical systems to protect them from failure.
Edge server systems run on their own separate physical devices. They are usually not located on the same physical server(s) as the core business system. This way, if the edge server is compromised, the core data is still intact. Edge systems are designed to block access to the core systems if an edge server is compromised or fails. This is because the risk to the core business system in case of failure is more important than external access to that system.
Often, an edge system is one that protects against spam, system overloads or sneaky viruses attached to an email. Some edge system examples:
- Firewalls and routers are among the first security barriers preventing access to production network infrastructure.
- Load balancing systems are application systems that distribute the computing load of a front end system across multiple mirrored servers. An example would be the front end of a web server farm.
- Email forwarding may utilize a hub or transport server to manage and approve traffic before the mail is forwarded to the actual mail store server.
An edge server will act as an additional check of the data packet before that packet is passed on to the core business systems of the organization.
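The pre-forwarding check and the block-on-failure behaviour described above, sketched as an added example (not code from this page). The `EdgeRelay` class, its checks, the size limit and the sample messages are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List

@dataclass
class Message:                      # constructed stand-in for a mail item or packet
    sender: str
    size: int
    attachment: str = ""

class EdgeFault(Exception):
    """The edge system itself cannot be trusted to make a decision."""

def check_size(msg):                # protects the core from overload (limit is an assumption)
    return msg.size <= 1_000_000

def check_attachment(msg):          # crude screen for risky attachment types
    return not msg.attachment.lower().endswith((".exe", ".js", ".scr"))

def broken_check(msg):              # simulates a scanner that has crashed
    raise RuntimeError("scanner offline")

@dataclass
class EdgeRelay:
    checks: List[Callable[[Message], bool]]
    healthy: bool = True            # cleared when the edge is compromised or failing
    delivered: List[Message] = field(default_factory=list)  # stands in for the core mail store

    def handle(self, msg: Message) -> str:
        try:
            if not self.healthy:
                raise EdgeFault("edge marked unhealthy")
            for check in self.checks:
                if not check(msg):
                    return f"rejected:{check.__name__}"
        except Exception:
            # Fail closed: a fault in the edge blocks access to the core.
            return "blocked:edge-fault"
        self.delivered.append(msg)  # only approved traffic reaches the core
        return "forwarded"

def demo():
    relay = EdgeRelay([check_size, check_attachment])
    results = [relay.handle(Message("a@example.com", 2_000)),
               relay.handle(Message("b@example.com", 2_000, "invoice.EXE")),
               relay.handle(Message("c@example.com", 5_000_000))]
    relay.checks.append(broken_check)       # a check starts failing
    results.append(relay.handle(Message("d@example.com", 2_000)))
    relay.checks.pop()
    relay.healthy = False                   # edge flagged as compromised
    results.append(relay.handle(Message("e@example.com", 2_000)))
    return results, len(relay.delivered)
```

In both fault cases the otherwise acceptable message is blocked rather than passed through, so the core store only ever receives traffic that a working edge approved.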
The front end physical servers are located in what has come to be called a DMZ. A DMZ, or demilitarized zone, is a physical or logical sub-network that contains and exposes an organization’s external services to a larger untrusted network. A DMZ becomes the first security layer between potential threats from a public network and the core business systems within the network.
Whether your company needs more security to protect your business network or requires a formalized edge system strategy, give us a call to help you design and implement your business's security perimeter.