login      my ps      about      contact  



home instructor-led training on-demand screencasts blogs


The Tripping Point » Internal vs. external Systems, Part 2

Internal vs. external Systems, Part 2

In response to last night's post, MarkF commented that he thought MarkB's original point was about architecture, not data. That is, that you should design architectures assuming that they will end up exposed on the Internet. MarkB responded that yes, he was talking about architecture, but also about data (as I had assumed). In any case, even if you just consider architecture and not data, my point still holds. The design tensions for external facing systems, especially security, are very different from interal systems. Talk to anyone at a big company (or even a medium sized company) and they'll tell you that what they do in the DMZ between firewalls and what they do for internal corporate systems are not the same. In my experience, the cost of safely externalizing a system is high enough that you only want to do it when it is required. If I wanted to expose a heretofore internal system externally, I would redesign it or design a gateway to it. I would never expect to simply expose it because it wasn't designed for that. 

Posted Jun 10 2005, 07:34 AM by tim-ewald

Comments

Mark Baker wrote re: Internal vs. external Systems, Part 2
on 06-10-2005 6:15 AM
"The design tensions for external facing systems, especially security, are very different from interal systems." I agree. But my point is that the tensions facing external systems are largely a superset of those facing internal systems. As a commentor said on the other post, "As a general statement you might want to say something like on average, architects are underappreciating the need for integration in the future".

I've built large SOA systems (for the Intranet), and I've built large RESTful systems (for both the Internet and Intranet), and there's no question in my mind which approach is a *lot* more conducive to unanticipated integration.
Fraser wrote re: Internal vs. external Systems, Part 2
on 08-05-2005 2:03 AM
I agree with some of the differences you have highlighted but definately not the assumption that internal systems are somehow more secure than those exposed to the Internet. Yes its true that there are sometimes different threats to mitigate, but ask any security guy where they think the majority of explotations occur and I suggest that you will find that the answer is 'from within'. Also they're often harder to resolve because of the basic 'software fortress' assumptions that are made.

Anyway, back to the other point. I absolutely agree that only a subset of internal systems are likely to made available for external consumption. If we accept that, then going back a post or two, it picks up your theme of whether we should (in those cases) work hard for protocol independance or even technology independence. Large organisations often make huge investments in core technologies and have absolutely no intention of switching to an alternate vendor any time in the near term. They also want to leverage as much as possible out of that investment and if that means a degree of vendor lock-in and some loss of reusability, this is a price that may be worth paying versus a lowest common denominator approach, that has ultimate flexibility/replacability but suffers in other functional and non functional aspects. For years we have heard of the holy grail of a completely commoditised infrastructure, but the reality is very different and until the disruption and risk is minimised to the extent that moving from one supplier to another is very much smaller than it is today, I for one find it difficult in some cases to justify the extra design/build effort.

Add a Comment

(required)  
(optional)
(required)  
Remember Me?


home instructor-led training online training blogs

781.749.9238 (East Coast) | 310.251.9901 (West Coast) | Pluralsight, LLC , 185 Lincoln St., Suite 305, Hingham, MA 02043-1741

Copyright © 2008 Pluralsight LLC. All rights reserved.

designed by nukeation