If the process is to be accessed via the Internet, then security measures should include firewalls and possibly a VPN (Virtual Private Network) solution. In this scenario where we have both Thin Clients and ordinary browser users, we’ve included two firewall access points in addition to a VPN implementation on the first firewall. In the event that unauthorized access is successful in passing through the first firewall, there is a second firewall, which must be breached before reaching the IGSS server.
As can be seen in the illustration, both the IIS and IGSS Portal software are installed on an operator station immediately after the first firewall and the Terminal server is installed on the next operator station.
The presence of the second firewall is to restrict the number of available ports by which to access the IGSS server. On the second firewall, only the IGSS Portal port and the file transport port are allowed to communicate with the IGSS server.