Re: Decision on where to place SQL db (DMZ or internal?)

From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 06/26/05 

Date: Sun, 26 Jun 2005 18:05:43 GMT

On Sun, 26 Jun 2005 09:57:25 -0700, "Marlon Brown"
<nospamarlon@hotmail.com> wrote:

>My main webserver (Win2003, IIS6.0) pulls info from a SQL db and displays
>information such as schedule of working hours, events, etc to users.
>
>I will publish such webserver via a reverse-proxy. Question is this:
>Is it recommended put such SQL database in the "DMZ", or since I have the
>option of publishing such webserver with ISA 2004 it would be considered
>secure keep the SQL database in the internal network, housed with other
>internal db we have. Just as a side note, the SQL server I have in the
>internal network is SAN connected.

Your choice. A lot depends on how the data is accessed and used,
whether you need internal access to the same data, and what risk
you're willing to take for convenience and yimeliness. You could host
it in both places, simply replicating internal data to external if you
wish. You can use an internal server but a separate instance of SQL.
You can ensure non-standard ports are used, that firewall settings
allow data from SQL only to the web server and not the WAN, and stored
procedures fo everything. Lock the servers as appropriate for your
choices.

Jeff

Relevant Pages

  • Re: local admin account password
    ... >> except its based on something specific about the server. ... >> more recovery console and don't think cached logins will work. ... >> The DB file would be encrypted with EFS so only the limited user SQL ... >> and the app itself doesn't really need to be secure as the ...
    (Focus-Microsoft)
  • RE: Fulltext failure on a 2 node cluster
    ... Server full-text search resource online: "SQL Cluster Resource 'Full Text' ...
    (microsoft.public.sqlserver.clustering)
  • Re: HELP PLEASE ~ ???
    ... You mentioned that it went ahead and added a SQL ... SQL Server 2000 database for all my data. ... find the connectionString in the newly recreated SQLExpress database. ... The connection string specifies a local Sql Server Express instance ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: local admin account password
    ... > 2) Use a different password on all boxes and a big filling cabinet to secure ... > 5)My main idea/plan is to store all the passwords on a central SQL server. ... The backup user can make a zip ...
    (Focus-Microsoft)
  • Re: Multi-Channel Raid VS SAN Storage
    ... A 5~6 years old server is a very old server. ... As I mentioned, the server is one node in a cluster environment, and SQL is ... We actually are running RAID 1+0 and our aplication is definately more ... needs it's own SAN device, or at least a dedicated IO channel on the SAN. ...
    (microsoft.public.sqlserver.setup)
Quantcast