Can the connection manager be thought of as a proxy for XMPP?
What I’m trying to figure out is whether or not I can put a connection manager out in a DMZ and then have all external users hit that connection manger, and then the connection manager would forward all traffic to the Openfire server within a production network. What I’m trying to get to is a situation where the external users hit the DMZ server exclusively without having to send any traffic directly to the production network server.
The way you are thinking is mostly correct. The CM’s act as a front end and a sort of network concentrator for the backend OF server. This is very much like how some enterprise web services (ala WebSphere) can be set up. However regarding it in terms of security for a DMZ separation… I dont think such an evaluation has been done. But certainly no direct connections from client to backend OF server would happen.
Let me ask one final question, does the CM forward all traffic to the OF server? For instance if two users were connecting through the CM would the CM forward all traffic from each user to the OF server, or is CM smart enough to just relay traffic user to user without involving the OF server?