I am working on ISM architecture, so I have plan to deploy ISM UI server in DMZ and ISM Processing server in Internal Zone. However, I found that ISM UI in DMZ has the connection to database server resided in Internal zone, and my customer do not allow any connection from DMZ to database server.
So, please help to recommend the ISM architecture which consist of the following criteria.
1. User can access ISM from Internet
2. Do not allow any ISM connection from DMZ to database server.