Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Firewall interfere with the operation of IIOP?

 
Chen ZhiJiang
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Which two features of a firewall might interfere with the operation of IIOP? (Choose two)
A. Port filtering
B. Load balancing
C. Address filtering
D. Network address translation
IS Answer A,C correct?
 
Chen ZhiJiang
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is the answer should be A,C
 
Nick Thaker
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would suggest C,D.
Check out the following:
OMG Firewalls for IIOP
To summarise, CORBA's location transparency and peer-based communication model present the main problems in the presence of firewalls.
Location transparency means objects or servers can be relocated without affecting the client. However, address filtering on the firewall will prevent the routable address of a CORBA server from being altered without updating the firewalls tables. Similarly an object moved to a different server could now be located on a machine which is blocked by the firewall. So in a large organisation object/server relocation can become quite cumbersome or political.
The second point centres around problems which arise from NAT behaviour in a firewall. I have to admit I find this document a little obfuscated in it's justifications for why NAT causes problems (it is based around NAT not scaling to a large number of CORBA servers) but one other way to think of it is that IOR's (application messages which identify the CORBA server location to a CORBA client) will contain the IP address and port number of the server host machine. Howeve, NAT prevents the client machine from accessing any old IP address behind the firewall, so when the CORBA client attempts to use the address within the IOR, it will get a CORBA server is unreachable message.
Strangely this leaves Port Filtering out in the cold though of course if you were to block access to a static port used by a CORBA server you'd have problems! Still, you have to get to the machine in the first place which would be blocked by C and D.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic