In large scale deployments, typically the GridGuard™ Server clusters are located on the internal local area network with a reverse proxy located in the DMZ being responsible for directing HTTPS traffic from external clients to the GridGuard™ servers.

This kind of a network architecture is recommended because of the nature of the information stored on the GridGuard™ servers. The servers store the following highly sensitive data:
a) PIN & position information
b) Configuration settings to access the corporate user registry (usually Active Directory) and other external servers

All of the above information is encrypted before storage. Nevertheless, leaving the GridGuard™ server in the DMZ would leave it more exposed to external attacks. As such, we recommend that the GridGuard™ cluster be installed on the internal LAN.