Re: Securing web site with redundancy ?

From: Ben Timby (asp_at_webexc.com)
Date: 08/21/04

  • Next message: Monty Ree: "against outgoing spam using /usr/sbin/sendmail?"
    Date: Fri, 20 Aug 2004 17:57:15 -0500
    To: Bénoni MARTIN <Benoni.MARTIN@libertis.ga>
    
    

    First of all, what you are asking about is not security related, it is
    however called high availability this is often implemented as a failover
    setup (what you described) or NLB, Network Load Balancing. Both of these
    concepts are closely related, and the solutions are often nearly the
    same (configuration is different). NLB can be implemented via software,
    but more often in hardware. MS has Application Center, which has a bunch
    of IIS related mgmt. tools along with NLB implementation. In contrast
    you could go the hardware route, and check out F5 (I have used these
    personally with great success), Coyote Point systems or Cisco Local
    Director (maybe something else now, have not looked at their stuff
    recently) to name a few.

    If you are looking for a low cost solution, you could go another route,
    which is to use an apache server running mod_proxy as a reverse proxy. I
    know there are other mods for apache that allow cookie based server
    affinity and other neat tricks. You could also look into using the PF
    firewall on OpenBSD (or FreeBSD) to do blind round robin packet
    forwarding. Either of these solutions would require you to place a *BSD
    or Linux machine in front of your Windows boxen to handle the balancing
    of load.

    Hope that helps.

    Bénoni MARTIN wrote:
    > Hi all !
    >
    > I was wondering if there was a way to set up 2 "redundant" web servers (identical web sites), i.e. when one crashes, the other one takes the connection over. The same thing which is already available for firewalls (high disponibility), but with web servers.
    >
    > We would have 2 Windozes in a DMZ with IIS as the web server, and a pix firewall between the dmz and Internet. Is there any tool allowing this out there ? I tried to google quite a while, but without any chance...
    >
    > Some one has an idea ?
    >
    > Cheers list !
    >
    > ------------------------------------------------------------------------------
    > Ethical Hacking at the InfoSec Institute. All of our class sizes are
    > guaranteed to be 12 students or less to facilitate one-on-one interaction
    > with one of our expert instructors. Check out our Advanced Hacking course,
    > learn to write exploits and attack security infrastructure. Attend a course
    > taught by an expert instructor with years of in-the-field pen testing
    > experience in our state of the art hacking lab. Master the skills of an
    > Ethical Hacker to better assess the security of your organization.
    >
    > http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
    > -------------------------------------------------------------------------------
    >

    ---------------------------------------------------------------------------
    Computer Forensics Training at the InfoSec Institute. All of our class sizes
    are guaranteed to be 12 students or less to facilitate one-on-one
    interaction with one of our expert instructors. Gain the in-demand skills of
    a certified computer examiner, learn to recover trace data left behind by
    fraud, theft, and cybercrime perpetrators. Discover the source of computer
    crime and abuse so that it never happens again.

    http://www.securityfocus.com/sponsor/InfoSecInstitute_security-basics_040817
    ----------------------------------------------------------------------------


  • Next message: Monty Ree: "against outgoing spam using /usr/sbin/sendmail?"

    Relevant Pages