Re: Courtyard arrangement - Jeff Middleton
- From: "Anthony Smith" <anthony@xxxxxxxxxxx>
- Date: Tue, 22 May 2007 13:38:02 -0400
Thanks for the reply and heads up on the licensing. I'll have to check with
the application vendor on this.
Website users aren't logged into the SQL database when browsing the site or
placing orders. I think the data is imported into the Accounting software
possibly by XML. I know the pages generated by the software are ASP pages.
"Leythos" <Void@xxxxxxxxxxx> wrote in message
news:1179315649_2905@xxxxxxxxxxxxxxxxxxxxxxx
On Tue, 15 May 2007 12:49:47 -0400, Anthony Smith wrote:
Good Afternoon,
I'm looking to set up a webserver for a public website and after
searching google for information on this topic I found several
discussions that Jeff Middleton was in. I am interested in learning
more about this courtyard arrangement spoken of in a Aug 5th 2002 topic
called "SBS and hosting (newbie at hosting)".
We're running SBS2003 and just added a member server Windows 2003 R2.
I'm assuming I will have to remove this as a member server since we will
be implementing a DMZ. The reason we are hosting our website because
our business accounting application(SQL backend) that is run on SBS
allows us to put our products online but the database and ecommerce must
reside in same building or set up an expensive VPN tunnel with an ISP.
We could have an ISP host the database application AND website or we
have to host it ourselves, as long as the database and website are under
1 roof it's ok as I was told by the software vendor. It'll be too
expensive for us to have the database local and set up a VPN tunnel to a
ISP. So we're going to try to host it ourselves.
After looking at several discussions, I like this courtyard arrangement
referenced in the discussion "SBS and hosting (newbie at hosting)". Do
you have a diagram possibly showing how this would be done. Also is
there any documented information for setting this up? Would you still
recommend this arrangement in 2007? (smile) This was your recommendation
among others back in 2002.
Some simple things to keep in mind:
1) Firewall Appliance, not a cheap NAT device, a REAL Firewall appliance.
This is a must and will provide a real isolated DMZ network.
2) Since you indicate SQL and WEB, you will make a rule that permits SQL
Port 1433 from DMZ to LAN, that's the only connection you need for your
website to use the database.
3) If your website uses "Windows" authentication then you've got large
problems, that's a very large security risk. Your website must use SQL
authentication, not use the "sa" account, and should be using an account
that only has access to the specific database your application uses.
4) SBS2003 SQL does not permit use of a web application without a license
for EACH USER. That means that each person that accesses your website has
to actually have a license purchased by you - you must use SQL in CPU
license mode and SBS doesn't provide that.
So, considering that you can't provide anonymous, or authenticated
access, to the server resources, under any form of authentication or not,
you can't use SBS to provide what you are wanting to provide.
I spent several hours with MS to get this licensing thing confirmed just
last month - and they provided a link to a document that CLEARLY shows
that you can not provide ANY FORM OF AUTHENTICATION (even looked up in a
database table) and be properly licensed with SBS SQL.
--
Leythos
Igitur qui desiderat pacem, praeparet bellum.
Calling an illegal alien an "undocumented worker" is like calling
a drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
.
- References:
- Courtyard arrangement - Jeff Middleton
- From: Anthony Smith
- Re: Courtyard arrangement - Jeff Middleton
- From: Leythos
- Courtyard arrangement - Jeff Middleton
- Prev by Date: Re: Server Application Unavailable
- Next by Date: Re: Exchange 2003
- Previous by thread: Re: Courtyard arrangement - Jeff Middleton
- Next by thread: Re: WSUS Installation Error
- Index(es):
Relevant Pages
|
