Topology

The topology diagram shows the recommended ARKSSPR architecture for internal and internet-facing access scenarios.

In the internal network, the ARKSSPR Server hosts the web application on IIS and runs the ARKSSPR Service. The service communicates with the database over TCP 1433 and with Active Directory over LDAP or LDAPS. Internal client machines use the ARKSSPR Agent to communicate with the ARKSSPR Server over HTTPS 443.

For internet-facing access, the ARKSSPR DMZ Service is placed in the DMZ network. Internet users connect to the DMZ service over HTTPS 443. The DMZ service works as a web traffic relay/proxy and forwards incoming requests to the internal ARKSSPR Server.

The DMZ server does not contain business logic and should not communicate directly with the database or Active Directory. Administrative operations are performed through the internal ARKSSPR system. For security reasons, the DMZ server must not be a domain member.