A second LAN connection to the DB server only makes a difference if the network traffic becomes the bottleneck. If both internal and external users share/access the DB server, they *will* compete for the DB server regardless of the network configuration. In that case, you'll want to make sure that internal users have minimal ad hoc capabilities (to prevent long-running, heavy, and blocking queries), and that the server is optimally configured for a large volume of short transactions. Whether sharing the DB server creates a performance problem would depend on the configuration of the DB server, how optimal the database implementation and configuration is, and how your scalable and optimized your applications are. Realistic tests (if possible) or actual usage experience would be the best indicator.
HTH, Tore. ----- Original Message ----- From: "Daniel Field" <[EMAIL PROTECTED]> To: "ActiveServerPages" <[EMAIL PROTECTED]> Sent: Thursday, October 31, 2002 10:03 AM Subject: RE: Network Design > Will the DB server not be better on a separate LAN to help with perfomance? > I dont wany anyone on the LAN blocking call to the DB server from the web > server? > > -----Original Message----- > From: Van den Bossche Eric [mailto:E.VDB@;sherwineu.com] > Sent: Thursday, October 31, 2002 15:02 > To: ActiveServerPages > Subject: RE: Network Design > > > Internet Router > | > | > | > Firewall ------DMZ-----Web Server > | > | > | > Internal LAN-----all your servers (incl DB server) > > This is the setup we had and it works perfectly. There is no need to have a > link between web and db server. This can be done with the firewall config, > it is more secure. > > Greetings Eric > > -----Original Message----- > From: Chance Ellis [mailto:chance_ellis@;yahoo.com] > Sent: Thursday, 31 October, 2002 15:52 > To: ActiveServerPages > Cc: [EMAIL PROTECTED] > Subject: RE: Network Design > > > In your design, if someone compromised your web server > they would have access to your internal network > through the database server. Since these servers are > not firewalls, they will be advertising well known > ports to exploit. This design makes your Firewall > totally useless. > > This is how your network should look: > > Internet Router > | > Hub > | > Proxy/Firewall ------DMZ-----Web Server > | | > | HUB > | | > | DB Server > | | > Hub-----------IDS Sensor---------- > | > | > Internal LAN > > > At the Firewall, you only allow traffic to tcp ports > 80(http) and 443(https) to the web server in the DMZ. > You don't allow any originating traffic from the > Internet to your LAN. You allow all traffic from your > LAN to the Internet, if this is your policy. Your web > server should never have a direct connection to the > Internet... > > HTH > > > > --- Daniel Field <[EMAIL PROTECTED]> wrote: > > This is what I have: > > > > > > Internet Router > > | > > Hub-------------------Proxy/Firewall > > | | > > Web Server-------- | > > | | | > > Hub | | > > | | | > > DB Server | | > > | | | > > | | | > > Internal Hub---------------- > > | > > | > > Internal Network > > > > So the Web server and the proxy machine are the only > > machines with direct > > Internet connections. > > > > > > > > > > -----Original Message----- > > From: Tore Bostrup [mailto:tbostrup@;telocity.com] > > Sent: Wednesday, October 30, 2002 23:22 > > To: ActiveServerPages > > Subject: Re: Network Design > > > > > > I'm wondering where he'll put it in order to secure > > the network. I'm not an > > expert in configuring DMZ's etc., but this > > configuration sounds like it > > contains a number of back doors. > > > > (Copy the below and paste into Notepad with a > > proportional font such as > > Courier New): > > > > Internet > > | > > +---Web Server---------+ > > | | | > > | +---DB Server---LAN > > | | > > +---Proxy (Firewall?)--+ > > > > Regards, > > Tore. > > > > ----- Original Message ----- > > From: "Van den Bossche Eric" <[EMAIL PROTECTED]> > > To: "ActiveServerPages" > > <[EMAIL PROTECTED]> > > Sent: Wednesday, October 30, 2002 12:05 PM > > Subject: RE: Network Design > > > > > > > I guess it is time to put a decent firewall in > > place !!!!!! > > > > > > > > > Eric - IT Manager > > > > > > -----Original Message----- > > > From: Daniel Field [mailto:daniel@;worldof.net] > > > Sent: Wednesday, 30 October, 2002 17:25 > > > To: ActiveServerPages > > > Subject: RE: Network Design > > > > > > > > > Its through a secured second network card for the > > internal network. > > > > > > At the moment the DB server is only connected to > > the web server via a > > > secured LAN (The web server as 3 nics and sits on > > 3 networks... live > > > internet, secured DB, and internal LAN). > > > > > > Was justing think I could merge the secured DB LAN > > with the secured > > internal > > > LAN. Think I will leave it as is! > > > > > > -----Original Message----- > > > From: Tore Bostrup [mailto:tbostrup@;telocity.com] > > > Sent: Wednesday, October 30, 2002 16:20 > > > To: ActiveServerPages > > > Subject: Re: Network Design > > > > > > > > > You are brave(?) to allow access to your internal > > production DB as well as > > > you entire local area network through the web > > server... > > > > > > Besides that, of course all those using the same > > DB server will compete > > for > > > the same resources (the database, CPU, memory, > > disk, etc.) on the server. > > > > > > HTH, > > > Tore. > > > > > > ----- Original Message ----- > > > From: "Daniel Field" <[EMAIL PROTECTED]> > > > To: "ActiveServerPages" > > <[EMAIL PROTECTED]> > > > Sent: Wednesday, October 30, 2002 8:48 AM > > > Subject: OT: Network Design > > > > > > > > > > If I have the following: > > > > > > > > Live Internet Network: > > > > > > > > Web Server (Also connected to Internal LAN via > > second network card for > > DB > > > > Access) > > > > Proxy Server (Connected to Internal LAN) > > > > > > > > Internal LAN: > > > > DBServer > > > > My Desktop Machines > > > > > > > > Will my desktop machines cause problems for the > > web server connecting to > > > the > > > > DB server? I.E will it slow the connection down? > > > > > > > > Dan > > > > > > > > > > > > > > > > > > > _____________________________________________________________________ > > > > This e-mail has been scanned for viruses by the > > WorldCom Internet > > Managed > > > Scanning Service - powered by MessageLabs. For > > further information visit > > > http://www.worldcom.com > > > > > > > > --- > > > > You are currently subscribed to > > activeserverpages as: > > > [EMAIL PROTECTED] > > > > To unsubscribe send a blank email to > > > %%email.unsub%% > > > > > > > > > > > > > --- > > > You are currently subscribed to activeserverpages > > as: [EMAIL PROTECTED] > > > To unsubscribe send a blank email to > > > %%email.unsub%% > > > > > > > > > _____________________________________________________________________ > > > This e-mail has been scanned for viruses by the > > WorldCom Internet Managed > > > Scanning Service - powered by MessageLabs. For > > further information visit > > > http://www.worldcom.com > > > > > > > > > > > > > > > _____________________________________________________________________ > > > This e-mail has been scanned for viruses by the > > WorldCom Internet Managed > > > Scanning Service - powered by MessageLabs. For > > further information visit > > > http://www.worldcom.com > > > > > > --- > > > You are currently subscribed to activeserverpages > > as: [EMAIL PROTECTED] > > > To unsubscribe send a blank email to > > > %%email.unsub%% > > > > > > --- > > > You are currently subscribed to activeserverpages > > as: > > [EMAIL PROTECTED] > > > To unsubscribe send a blank email to > > %%email.unsub%% > > > > > > > > > --- > > You are currently subscribed to activeserverpages > > as: [EMAIL PROTECTED] > > To unsubscribe send a blank email to > > %%email.unsub%% > > > > > _____________________________________________________________________ > > This e-mail has been scanned for viruses by the > > WorldCom Internet Managed > > Scanning Service - powered by MessageLabs. For > > further information visit > > http://www.worldcom.com > > > > > > > > > _____________________________________________________________________ > > This e-mail has been scanned for viruses by the > > WorldCom Internet Managed Scanning Service - powered > > by MessageLabs. For further information visit > > http://www.worldcom.com > > > > --- > > You are currently subscribed to activeserverpages > > as: [EMAIL PROTECTED] > > To unsubscribe send a blank email to > %%email.unsub%% > > > __________________________________________________ > Do you Yahoo!? > HotJobs - Search new jobs daily now > http://hotjobs.yahoo.com/ > > --- > You are currently subscribed to activeserverpages as: [EMAIL PROTECTED] > To unsubscribe send a blank email to > %%email.unsub%% > > --- > You are currently subscribed to activeserverpages as: [EMAIL PROTECTED] > To unsubscribe send a blank email to > %%email.unsub%% > > _____________________________________________________________________ > This e-mail has been scanned for viruses by the WorldCom Internet Managed > Scanning Service - powered by MessageLabs. For further information visit > http://www.worldcom.com > > > > _____________________________________________________________________ > This e-mail has been scanned for viruses by the WorldCom Internet Managed Scanning Service - powered by MessageLabs. For further information visit http://www.worldcom.com > > --- > You are currently subscribed to activeserverpages as: [EMAIL PROTECTED] > To unsubscribe send a blank email to %%email.unsub%% > --- You are currently subscribed to activeserverpages as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED]
