• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Where to put my web servers?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Where to put my web servers? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Where to put my web servers? - 28.Jul.2008 1:23:06 PM   
stevenjatkinson

 

Posts: 2
Joined: 28.Jul.2008
Status: offline
Hello all...

I am very new to web site hosting (which you will probably pick up from my post).

I have a few questions about where to place web servers in our organisation.  We have the following requirements -
  • Scenario 1 - Internal and external users accessing web site from internal network and external network
  • Scenario 2 - Internal users accessing web site from internal network only.
  • Scenario 3 - External users accessing web site from external network.
Scenario 1 - We would have the web site on web servers in the DMZ - is it okay for internal users to access the web site in the DMZ?  or should the web site in the DMZ only be used by external users? - and we make a copy for internal users on an internal web site?
Scenario 2 - I understand that we could put this on the internal network - but could this be put in the DMZ (even though no external users will access?)  What is the recommended approach?  are there any best practices?
Scenario 3 - Again web site in the DMZ...

I guess i am rambling on a bit - what i am trying to ask is - is it better to have all your web servers in the DMZ even though in some scenarios only internal users will be using the web site?  Is it recommended to go from internal network to DMZ?

For information - we have appliance firewalls and ISA 2006 for authentication - we also have a small AD in the DMZ for extranet users.

Thanks in advance.
Post #: 1
RE: Where to put my web servers? - 28.Jul.2008 2:09:06 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

quote:

Scenario 1 - We would have the web site on web servers in the DMZ - is it okay for internal users to access the web site in the DMZ?  or should the web site in the DMZ only be used by external users? - and we make a copy for internal users on an internal web site?

For this scenario, the perimeter is the best option.
quote:

Scenario 2 - I understand that we could put this on the internal network - but could this be put in the DMZ (even though no external users will access?)  What is the recommended approach?  are there any best practices?

You only put server in perimeter if they will be available to external users, otherwise your servers will be at risk for no propuse.
quote:

Scenario 3 - Again web site in the DMZ...

For sure you have to put in perimeter!

If any of your server is available to internet, then you should put it in a perimeter network.
quote:

For information - we have appliance firewalls and ISA 2006 for authentication - we also have a small AD in the DMZ for extranet users.

Based on this, I strongly recommend you to put it in a perimeter network, once you have an external AD for external users.

Regards,
Paulo Oliveira.

(in reply to stevenjatkinson)
Post #: 2
RE: Where to put my web servers? - 29.Jul.2008 4:37:03 AM   
stevenjatkinson

 

Posts: 2
Joined: 28.Jul.2008
Status: offline
Thanks for that...

Just to be clear, if i have a web site that needs to be accessed by both internal and external users - would internal users on the local LAN access the web site in the DMZ (shared with the external users) or would it be better to have a copy of the web site on the internal network and have the internal users connect to that?  What (if any) are the best practices in this area?

Regards

(in reply to paulo.oliveira)
Post #: 3
RE: Where to put my web servers? - 29.Jul.2008 8:44:34 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

like I said in the first scenario... best option is put it on a perimeter (DMZ), even if this web server will be accessed from internal network.
Best practice for ISA is to allow only required protocols.

Regards,
Paulo Oliveira.

(in reply to stevenjatkinson)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Where to put my web servers? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts