Here's a little more info about the traffic flow:

For the INB and SSB servers, Luminis
logs the user into the server (using what Luminis refers to as “Single Sign
On”), and then hands off the connection to the user. In the case of INB it
actually opens a new browser window. For SSB, the default is to frame the SSB
connection within the Luminis window, but the frame will be a direct connection
to the SSB server. So the connections from Luminis to the SSB and INB servers
will need to go through the load balancer, since that’s where direct
connections to those servers would be routed.

The D2L servers are being hosted
by D2L, and I’m pretty sure are physically located in Canada, so that
connection will need to be able to get out of the OIR network to the target
system. That’s also true for any other Single Sign On connection that the schools
need for their systems.

There are a couple of other
connections that Luminis will make to the Banner database or middle tier
servers that can be routed within your network.

There are Banner portlets that
run within the Luminis framework. The portlets display selected sets of data
from the Banner system within the Luminis window. The connection for the
portlets is through a component that runs on one of the Banner middle tier servers
(OAS or WebLogic server), and is a direct connection from the Luminis server to
the Banner middle tier, so that connection can be routed within your network.

The event processing connection,
which is how we get updates from Banner to the Luminis server, is handled by a
direct connection from a component that runs on the Luminis server to the
Banner database. The Luminis component requests new event data from Banner,
then XML transforms the data, and pushes the XML message to a message broker
component running on the Luminis server. The message broker component then
publishes the XML message to any system that is subscribed to the specific
message type (person data, course term information, course section information,
student enrollments, faculty teaching assignments).

There may be multiple systems
that consume the XML messages from the message broker, including D2L or the
school’s local Active Directory server, so there will need to be firewall rules
configured to allow connections to the message broker from outside the
network.