In some installations, server computers are compartmentalized into groups, referred to herein as “zones.” For example, a trusted secure zone might be created in a data center that includes server computers configured to perform tasks that require a very high level of security and trust. The server computers in a trusted secure zone might maintain credit card information and perform payment-processing services, for instance. A trusted secure zone is typically secured both physically, through the use of physical access control mechanisms, and electronically, through the use of devices designed to monitor and control incoming and outgoing network traffic.
In some installations, an untrusted zone might also be utilized that does not include all the physical and network access control mechanisms used in a trusted secure zone. For instance, an organization might maintain a trusted secure zone that is restricted to a very small number of authorized employees and an untrusted zone that includes server computers that are accessible to a much larger group of employees. Some server computers in the untrusted zone might provide various services to other computers in the untrusted zone.
It may be desirable for server computers operating within a trusted secure zone to utilize services provided by server computers operating within an untrusted zone. Due to the highly sensitive nature of the computing operations performed within a trusted secure zone, it can be difficult to enable this functionality in a manner that does not create significant duplication of services and that does not compromise the security of the trusted secure zone.
One mechanism utilized to provide the functionality described above involves duplicating certain functionality provided by server computers operating in the untrusted zone within the trusted secure zone. Data is then periodically synchronized from the server computers operating in the trusted secure zone to the server computers operating in the untrusted zone. This mechanism, however, may be undesirable because it creates duplicate services in both the trusted secure zone and the untrusted zone, makes operating the trusted secure zone more complex, and may involve the sometimes complex synchronization of data from the trusted secure zone to the untrusted zone.
It is with respect to these and other considerations that the disclosure made herein is presented.