NEM 2-Tier Architecture
NEM's design architecture consists of two components. One is the Node server or NEM Infrastructure Server (NIS). The other is the NEM Client. The NIS is connected to the p2p network and acts as a gateway for the Client. NEM’s platform is therefore, a two-tier solution, following the convention of the web architecture.The first version of the NEM Client is called the NEM Community Client (NCC).The NCC is basically a client software that includes a wallet. Both the NCC and NIS can be configured to run off the same machine. As it is run from the same machine, both the NCC and the NIS will be exposed to the Internet. A second use case is to separate the NIS from the NCC.
The NIS can thus be configured to act as an additional layer of protection to the NCC thereby making the NCC reasonably protected within its own confines as it can be made not to connect to the Internet. In addition, one can have the option of putting a firewall between the NCC and the NIS, the NCC is therefore two steps away from the Internet. This means that the NCC can be made to work in stealth mode. This type of modular design makes the NCC insulated from external attacks. It is almost impossible to break into the NCC if the NCC is only connected to the NIS through another firewall. If there is any attack on the wallet, it is almost certain that the attack is from within the network rather than from outside the network. Another feature of this architecture is that the NCC acts as a wallet and can be used on any computer, whereas the NIS represents a node on the NEM network and can be hosted from remote locations. Additionally, the client can be loaded onto any computer and a person's wallet can be reloaded as long as this person has her private keys.
The NIS can be placed on a Demilitarized Zone (DMZ) behind a firewall and therefore itself is protected from the Internet. Hence, there exists many options and configurations. This makes NEM's architecture secure.
The NIS has a full set of APIs. The initial NCC has a webserver with useful APIs. These two layers create a firewall of security in between the wallet where all important information is stored and signed, while the NIS announces transactions.