The attached guide (PDF format) explains how to reduce connectivity risks by using a dual-DMZ topology and deploying the XMPP proxy server used by Sametime Gateway in the additional DMZ.
DMZ XMPP proxy server
The DMZ XMPP proxy server is the same J2EE application that Sametime Gateway uses for the conventional XMPP server. The difference is how you deploy it: you deploy the DMZ XMPP server in a different cell from Sametime Gateway, and you set up a firewall between the Sametime Gateway servers and the DMZ XMPP proxy server. The use of a separate cell and an additional firewall provide added security to your Sametime deployment.
To deploy the DMZ XMPP proxy server, you will set up a dual DMZ deployment where the Sametime Gateway servers reside in the Application DMZ and the DMZ XMPP proxy server resides in the Web DMZ. External XMPP users can access only the DMZ XMPP proxy server, which passes requests for data to the Sametime Gateway servers, which in turn connect to the Sametime Community Servers on the corporate intranet before routing data back to the users.
Note that the DMZ XMPP proxy server is not secured like the WebSphere DMZ Secure Proxy Server, because the XMPP application is installed on a WebSphere Application Server. However, deploying the DMZ XMPP in an dual-DMZ configuration does provide more security than installing it within the base DMZ.