I would look into putting Load balancing into effect, so I would look at either Windows 2003 Load balancing, or better yet, looking at F5 GTM/LTM and create VIP's for the physical webservers, so you can take them offline without affecting the entire site, ( Basically taking a physical IP out from being answered by the VIP, do your maintience, and then put it back in)
Content, RAID 5 or RAID 1, but have it on a partition different than the OS, also make sure that your have an Application Pool with a account that can only access its content. SO directory with Content for Site 1, Application Pool with Process Identity 1, which only has NTFS permissions to Directory with Content for Site 1, no others ( Explictly deny it) ( Do the same to isolate all the web-sites) Add the URLSCAN and configure accordingly to block malicious url seuqnences, and look into a Application Layer Firewall which specifically looks and monitors Web-traffic, so to stop a lot of hacking attempts trying to pipe within SSL traffic or Obfuscated sequences) Use Web Hacking tools like W3AF from Source-Force, Nikto, Wfetch to test for SQL Injection, Web application CSS, and other flaws, use Metasploit, Canavas or Core Impact to pound on the OS from a cracking prespective. This is only the beginning, and keep that stuff on a DMZ that is totally isolated and doesn't talk internal to organization. Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 -----Original Message----- From: Chyka, Robert [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2008 8:42 AM To: NT System Admin Issues Subject: Web Server Spec Question... We currently have our web site hosted off site on a partner's network. We are now brining it to our site for hosting. We have to buy a web server etc. it is going to run under IIS and needs 99.999% uptime. Would you cluster the server, just rely on redundant power, raid on the hds etc, or ???. Alos is it best to have the content be on a Raid 1 disk set? Just looking for some opinions etc. Thanks..Bob ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
