Multi vs Single Homed Web Servers - Security and Performance

From: zippo76 (bgavenda_at_classifiedventures.com)
Date: 07/25/05

• Next message: Leon Mayne [MVP]: "Re: Writing to a Virtual Directory"
• Previous message: tony: "iis 6.0 http to https redirection for owa 2003"
• Next in thread: Jeff Cochran: "Re: Multi vs Single Homed Web Servers - Security and Performance"
• Reply: Jeff Cochran: "Re: Multi vs Single Homed Web Servers - Security and Performance"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 24 Jul 2005 15:13:56 -0700

I have a network architecure/security question on a 30 server
2K3/IIS6/SQL web site. Our web servers are currently multihomed with
separate physical cards and 100 or 1GB vlans for internet, sql access,
and admin/updating. Netbios is turned off on the internet and db
cards, and the third connection we have to turn on file/print and
shares for developers updating templates. Our current perimeter
consists of 1 fw and 1 F5.
Our networking group has been trying to convince the Windows group to
move everything to a single GB interface (behind 1 fw, 1 F5, and
another fw). As an admin of over 10 years, I fear this as i would have
to use 1 interface for internet (http/https), Data, File Shares,
connecting to remote shares, browser broadcasts, AD membership (DCs 2
firewalls away). I'm currently open to new ideas, but 10 years of NT
experience tells me this is just wrong from a security and from a
performance aspect.
If I'm nuts and paranoid, please someone tell me why (please send
location of docs specific to single homed windows servers. If not,
please help by directing me to the most conclusive docs on why is this
wrong. I've gotten many docs on best practices and theories, but
nothing that ready drives either point home.

---

• Next message: Leon Mayne [MVP]: "Re: Writing to a Virtual Directory"
• Previous message: tony: "iis 6.0 http to https redirection for owa 2003"
• Next in thread: Jeff Cochran: "Re: Multi vs Single Homed Web Servers - Security and Performance"
• Reply: Jeff Cochran: "Re: Multi vs Single Homed Web Servers - Security and Performance"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: OMA not implemented issue ... Both are secured with SSL. ... /Exchange virtual directory and I can log in to the OMA now. ... Why did you create another 'Web site identifier'? ... necessary when using front-end servers. ... (microsoft.public.exchange.setup) Re: Running more than one service on one box ... your servers, and you may find yourself in good shape. ... while dedicating a separate box as an ... > does web, mail, and DNS. ... > their access and starts messing with the web site, ... (Security-Basics) Re: Page can not be display.....cannot find server or DNS error ... and thinking rebooting the servers help ... site this morning, after digging around, using tracert on the web site ... reboot the servers and see what happens. ... All updates have been downloaded and installed on the ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: Page can not be display.....cannot find server or DNS error ... Just to let you know---Even though I was able to get to the web site that we ... and thinking rebooting the servers help ... reboot the servers and see what happens. ... All updates have been downloaded and installed on the Workstations. ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: Only domain admins can print or view web page ... right away from the time I built the servers. ... web site problem had the same issue. ... >access for failure, ... I have 2 servers at remote sites that will ... (microsoft.public.win2000.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)