RE: ASP, BizTalk server SQL DB and Firewall architecture.

From: Sarbjit Singh Gill (ssgill@gilltechnologies.com)
Date: 11/25/02

    From: "Sarbjit Singh Gill" <ssgill@gilltechnologies.com>
    To: <focus-ms@securityfocus.com>
    Date: Mon, 25 Nov 2002 23:54:36 +0800
    
    

    Thanks all for the replies.

    Solution:
     I realize with BizTalk 2002, I could use an HTTP receive function. This
    allowed me to pick up files from the DMZ-based web server using HTTP. A
    simple configuration on the firewall and I am up and running with a simple,
    quick solution using standard protocols and ports.

    Cheers
    Gill

    -----Original Message-----
    From: disciple [mailto:marcus@nwnc.net]
    Sent: Friday, November 22, 2002 11:48 PM
    To: ssgill@gilltechnologies.com; focus-ms@securityfocus.com
    Subject: RE: ASP, Biztalk server SQL DB and Firewall architecture.

    My 2 cents...

    It's a good DMZ security practice to avoid allowing any connections to the
    private network to be initiated from the DMZ. Helps reduce the likelihood of
    that connection mechanism being exploited. You could set up a scheduled job
    on your BizTalk server that would poll the web server periodically for new
    files, and pull them down. You could do this via a secure method like
    IPsec, SSH, etc. You probably have some method for remotely copying files
    to the DMZ web servers already, and you may be able to simply use that
    method, just automate it.

    If you need the files to be copied to the BizTalk server on demand (i.e. the
    customer needs immediate confirmation the files have been uploaded to the
    back-end), you could set up a method by which your web server sends a
    message (via a more secure protocol like http? :) to the BizTalk server to
    pick up the files, then use the above automated copy method (or something
    like it) to pull the files from the web server. This breaks the rule of NOT
    initiating communications from the DMZ, but at the least it mitigates some
    risk by not allowing any method that pushes files from the DMZ to the
    private network.

    If you don't care about whether communications are initiated, and files
    pushed, from the DMZ, then the sky is the limit. Although you'd be adding
    some risk to your environment.

    Sincerely
    Marcus

    -----Original Message-----
    From: Sarbjit Singh Gill [mailto:ssgill@gilltechnologies.com]
    Sent: Wednesday, November 20, 2002 8:19 AM
    To: focus-ms@securityfocus.com
    Subject: ASP, Biztalk server SQL DB and Firewall architecture.

    Greetings folks,

    I am facing the following problem and hope to get some valuable advice from
    all of you. I would appreciate it if there could be some response on this.

    In our architecture, we have a web server, a BizTalk server and a database
    server. The web server hosts the ASP page that the external customer will
    access. The external customer will submit files via this ASP page. The ASP
    page will upload the file and store it in some directories so that BizTalk
    can process it.

    But now the problem is that the web server is hosted in the DMZ (between the
    external and internal firewalls), and the BizTalk server and database server
    are hosted behind the firewall. Also, since the file receive function of
    BizTalk can only poll files from the local hard disk, the files to be
    processed by BizTalk must somehow be available on the BizTalk server.

    Can ASP sitting in the DMZ upload the file to the BizTalk server, which is
    sitting behind the firewall? Can the BizTalk server be accessible from the
    web server, since they are separated by a firewall? If yes, is there any
    setting that needs to be done to achieve this? Or are there other, better
    methods that you can think of to process the file using the current
    architecture? Do you know what the common implementations are for this type
    of scenario?

    Thanks in advance for the help.

    Kind Regards
    Gill
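
The rule of thumb in Marcus's reply (no connections into the private network initiated from the DMZ, and above all no file pushes) can be checked mechanically against a firewall rule set. The following is an added example, not part of the original thread; the zone addresses, rule names and the list of file-push ports are constructed assumptions, and the firewall is assumed to be stateful.

```python
import ipaddress

# Constructed address plan and rule set (assumptions, not taken from the thread).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}
# Ports treated as file-push channels (FTP, NetBIOS session, SMB): an assumption.
FILE_PUSH_PORTS = {21, 139, 445}

# (name, action, source CIDR, destination CIDR, destination port or None for any)
# Stateful firewall assumed: each rule describes who may *initiate* a connection.
SAMPLE_RULES = [
    ("biztalk-pulls-http", "allow", "10.1.5.20/32", "192.0.2.10/32", 80),
    ("web-pushes-smb", "allow", "192.0.2.10/32", "10.1.5.20/32", 445),
    ("web-notifies-biztalk", "allow", "192.0.2.10/32", "10.1.5.20/32", 80),
    ("dmz-default-deny", "deny", "192.0.2.0/24", "10.0.0.0/8", None),
    ("any-to-web", "allow", "0.0.0.0/0", "192.0.2.10/32", 443),
]

def in_zone(cidr, zone):
    """True if any address in the CIDR falls inside the named zone."""
    return ipaddress.ip_network(cidr).overlaps(ZONES[zone])

def audit(rules):
    """Classify each allow rule by which side opens the connection."""
    findings = []
    for name, action, src, dst, port in rules:
        if action != "allow":
            continue
        if in_zone(src, "dmz") and in_zone(dst, "internal"):
            # A DMZ host initiates: the case the reply advises against.
            # A file-transfer port (or any port) means files can be pushed inward.
            pushes = port is None or port in FILE_PUSH_PORTS
            kind = "dmz-push" if pushes else "dmz-initiated"
        elif in_zone(src, "internal") and in_zone(dst, "dmz"):
            # The internal host polls the DMZ: the recommended direction.
            kind = "internal-pull"
        else:
            continue
        findings.append((name, kind))
    return findings

def violations(rules):
    """Rules that let the DMZ open connections into the private network."""
    return [f for f in audit(rules) if f[1] != "internal-pull"]

if __name__ == "__main__":
    for name, kind in audit(SAMPLE_RULES):
        print(f"{kind:14} {name}")
```
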


