Deployment Options (Velocity)
Security Considerations
The "Velocity" distributed cache system is designed to be operated in the corporate datacenter within the perimeter of the corporate firewall. The servers described in this topic are the server hosting the cache configuration storage location, the cache servers, the cache-enabled application servers, the development servers, and the primary data source server. All servers should be co-located on the same corporate domain.
Because cached data and the TCP/IP communications between the cache servers are not encrypted, the distributed cache system is vulnerable to malicious "sniffing" and "replay" attacks.
Note
The "Velocity" cache client is meant to reside in the application tier of your application ecosystem. End users inside or outside your corporate domain should not have direct network access to the cache servers.
When decommissioning a cache server, the "Velocity" installation program may not remove all firewall port exceptions. After "Velocity" has been uninstalled, we recommend that you reapply the corporate standard firewall configuration.
Deployment Scenarios
To simplify the discussion of deployment options, this topic will focus on three distinct examples:
- Developer deployment: A single-computer deployment used to develop cache-enabled applications.
- Mid-sized deployment: A multi-computer installation that does not use SQL Server, with lead hosts performing the cluster management role.
- Enterprise deployment: A multi-computer installation that uses SQL Server for storing cluster configuration settings and performing the cluster management role.