Browse Prior Art Database

A Method of Providing Security Zones Within Web Hosting Sites Disclosure Number: IPCOM000015620D
Original Publication Date: 2002-Mar-13
Included in the Prior Art Database: 2003-Jun-20

Publishing Venue



We describe a method to extend security zones into Web Hosting sites. In the environment that we have today where exploitation through the internet is a daily affair, security is vital at all levels. Customers are requiring levels of security be introduced at all levels, even inside cages owned by them in Web Hosting sites. The method introduces the Virtual Local Area Networks (VLANS) concept to provide zones of security within the infrastructure. The advantage of our approach is that it extends a VLAN concept which has been applied in the security area in other development applications, to a service provider to isolate layers of the infrastructure. Firewalls are shared between customers in this approach, as are other devices, but the use of VLANs allows layered security to be provided a lower cost. Virtual Local Area Networks (or VLANS) allow a switch to support multiple Ethernet LANs that are logically distinct from each other. Two devices on different VLANs cannot communicate with each other any more than if they were on separate LANs. A router is required to forward the traffic between the VLANs. VLANS have been developed and deployed around the world in enterprise networks. The properties of VLANS are put to use in ISP and or Web Hosting applications for the purpose of not simply isolating a few devices or enterprises but of separating layers of devices based on function. This concept is illustrated in the following diagram Internet Layer Customers A and B share firewalls at different layers- Web layer, Data Layer and the "back end" or tools layers. Thus, the isolation aspects of VLANs may be used to provide service for multiple customers in a shared infrastructure. Customers may be assigned to different VLANS and share routers, switches and other networking devices. 1