Re: Courtyard arrangement - Jeff Middleton

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Replying to this just so the OP can find Jeff's reply easier.


Jeff Middleton [SBS-MVP] wrote:
Since Cris did ping me on this discussion, I thought I would try to
comment at least in terms of clarifying my previous thread as it
applies today.
I think anyone who is going to spend hundreds of dollars a month on an
ecommerce solution in 2007 needs to move past the concepts I proposed
in 2002 dollars.

There's a lot that has changed, primarily in the scope of what you
can do with ISA server publishing and how we interpret the idea of
what you would put in a DMZ vs in a private LAN protected by an ISA
server.
In the 2002 world, NAT was primarily used to isolate subnets with port
specific forwarding as the primary method available. In the current
world, it's a lot more sophisticated because the issues are more
complex. DMZ publishing is really falling out of favor in a LOB
integrated biz application because a DMZ creates as many problems as
it solves.
The idea of a DMZ was intended to put isolated subnet and security
perimeter outside your trusted domain, but today the reality is that
any machine with connectivity to the Internet is at risk. The DMZ
really just makes the process klunky.

I think the better answer for a combined LOB application with public
facing presence is going to be involved in an integrated ISA solution
that provides secure publishing and traffic monitoring.

BTW, the term "courtyard" arrangement was one I probably coined for
this post, just a simple way to visualize a place outside the house
but inside the wall. It's not one you would find in publications,
just a metaphor.
- Jeff Middleton SBS-MVP
YCST@xxxxxxxxxxxxxxxx



"Cris Hanna [SBS-MVP]"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OmPkW9ylHHA.4960@xxxxxxxxxxxxxxxxxxxxxxx
I certainly don't pretend to speak for Jeff, but Jeff doesn't not
frequent the public NG often.

I've read through that thread pretty throughly and not sure what is
not clear.

The concept has not changed since 2002.
The Web Server must be isolated from the lan
It sits outside "in the courtyard" while the SBS server, database,
applications, etc., are protected by the walls of the house.

I can't stress enough the requirement for secured communications
between the DB side of the SBS server and Webserver.

These forums can share ideas, provide high level overviews and
assist in solving common issues.

Its pretty impossible for us to provide start to finish consulting on
anything as complex as setting up a secure front end
webserver/backend database solution.

If you've other questions fire away and we'll do our best to provide
some guidance, but the specifics may be best left to the application
vendor. --
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Anthony Smith" <anthony@xxxxxxxxxxx> wrote in message
news:O07h2kylHHA.4152@xxxxxxxxxxxxxxxxxxxxxxx
this is a pretty long url. If he google's the subject I indicated
he can get it

http://groups.google.com/group/microsoft.public.backoffice.smallbiz2000/browse_thread/thread/afe6355951c6aaff/422e58d7d7d040ed%23422e58d7d7d040ed

Subject:
SBS and hosting (newbie at hosting)

Under google groups.
Options
"Cris Hanna [SBS-MVP]"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:O0iDvdylHHA.1388@xxxxxxxxxxxxxxxxxxxxxxx
Jeff did not have any immediate recollection of the whole
courtyard thing.
If you have a link it make refresh some memory.

Unfortunately this is one of those cases when the say, you have to
spend money to make money, probably holds true.

Just remember, if this is connected to your accounting software,
you are exposing your company's financial data and records to the
web. I would hope that you've researched the kind of connections
between your webserver and the backend stuff and how the software
protects that. --
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Anthony Smith" <anthony@xxxxxxxxxxx> wrote in message
news:ugj$ISylHHA.2612@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for the reply Cris. As stated in my post I don't have
much of a choice because of our new accounting software. The
ecommerce site that comes with the software is top of the line. We'll
be forking out hundreds/mo for hosting both accounting &
website or if we just had an ISP for the site, setting up a VPN
tunnel is expensive also. We have to try hosting in-house. When
sales increase with this website and visitors increase than we
can justify hosting it offsite God willing. With approx.
2000-3000 visitors per month our cable connection should be fine.
We can get close to 1MB UP with about 8MB down with our
cable/internet provider. Thanks for pinging Jeff for me.
"Cris Hanna [SBS-MVP]"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:OzzWMMxlHHA.960@xxxxxxxxxxxxxxxxxxxxxxx
one of the main problems with folks hosting a public website
(putting security issues aside)...especially for ecommerce and
if you plan a reasonable volume of business, is your connection
to the internet? What is your uplink speed to the net

Most business connections are either 384 or 512kbps uplink....Not
ideal for webhosting...thats why its always better to put it
with the folks who have the big pipes.

If I want to buy something from a website, and performance is
poor..I may cancel or not buy there again.

I'm trying to ping Jeff to alert him to your posting.


--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Anthony Smith" <anthony@xxxxxxxxxxx> wrote in message
news:u0E%232DxlHHA.596@xxxxxxxxxxxxxxxxxxxxxxx
Good Afternoon,

I'm looking to set up a webserver for a public website and after
searching google for information on this topic I found several
discussions that Jeff Middleton was in. I am interested in
learning more about this courtyard arrangement spoken of in a
Aug 5th 2002 topic called "SBS and hosting (newbie at hosting)".

We're running SBS2003 and just added a member server Windows
2003 R2. I'm assuming I will have to remove this as a member
server since we will be implementing a DMZ. The reason we are
hosting our website because our business accounting
application(SQL backend) that is run on SBS allows us to put
our products online but the database and ecommerce must reside
in same building or set up an expensive VPN tunnel with an ISP.
We could have an ISP host the database application AND website
or we have to host it ourselves, as long as the database and
website are under 1 roof it's ok as I was told by the software
vendor. It'll be too expensive for us to have the database
local and set up a VPN tunnel to a ISP. So we're going to try
to host it ourselves. After looking at several discussions, I like
this courtyard
arrangement referenced in the discussion "SBS and hosting
(newbie at hosting)". Do you have a diagram possibly showing
how this would be done. Also is there any documented
information for setting this up? Would you still recommend this
arrangement in 2007? (smile) This was your recommendation among
others back in 2002. Thanks!

Sincerely,
Anthony Smith
In God We Trust!

--
/kj


.

Relevant Pages

  • Re: Domain Change
    ... If DYNdns.org is handling your External DNS, have them change this to your new IP of the website. ... >> server has a dynamic IP. ... >>> All you need to do is rent space on a ISP hosting service and FTP ...
    (microsoft.public.backoffice.smallbiz)
  • Re: Courtyard arrangement - Jeff Middleton
    ... Since Cris did ping me on this discussion, I thought I would try to comment ... Microsoft MVPs ... SBS and hosting ... When sales increase with this website and ...
    (microsoft.public.windows.server.sbs)
  • Re: Security question re. default website
    ... site SHOULD NOT be hosted on SBS mainly for security reasons. ... What's the difference between hosting a site that I set up and the ... website (which is how it would need to be to let my users access their ... As you say, the server is publicly open for OWA but it's running Microsoft-created content, which is in widespread use and is likely to be fairly free of exploitable bugs. ...
    (microsoft.public.windows.server.sbs)
  • Re: Courtyard arrangement - Jeff Middleton
    ... I certainly don't pretend to speak for Jeff, ... Microsoft MVPs ... SBS and hosting ... When sales increase with this website and ...
    (microsoft.public.windows.server.sbs)
  • Re: companyweb - Sharepoint services
    ... Public website hosting implies that you would have to open port 80 to the Internet which is vulnerable to hack attacks. ... There are other options, if the budget exist ) to have a separate server in a DMZ zone, and host the public site there. ... Small Business Server 2003 and reinstall the Monitoring component. ...
    (microsoft.public.windows.server.sbs)