Advice on hardware configuration

Advice on hardware configuration

Post by Ken » Fri, 26 Jan 2001 08:18:58



Hello all,
    Currently my company is running our e-commerce website all on one E250
Machine.  This includes running both the webserver, and the database on the
single machine.  I've gotten the O.K. to get new hardware to make the site
as fast and stable as possible.  (It's pretty stable now, but I'd like to
make it faster and more secure).  My question is this:

What's the best hardware/network configuration to do this?

Right now the E250 is sitting in a DMZ, but that means the database is also
in the DMZ.  This is what I'd like to do:

Have a dedicated machine to run the website sitting in the DMZ and have the
database behind the firewall, just adding holes in the firewall for the
webserver to access the database behind it.

Is this optimal or is it better to have the whole shebang on one computer,
i.e. not do anything to our current setup?  Are there any sources of
information that are good for advising on these kinds of questions?  Thanks
for any help.

 
 
 

Advice on hardware configuration

Post by albertoor.. » Fri, 26 Jan 2001 14:16:55


It depends, if you want scalability, at some point you'll have to have
the DB in a dedicated machine and one or more web servers.

For security you can have a dedicated network for communication between
the DB and the web server(s), i.e. two NICs in each web server, and have
 the firewall to map through NAT or in the DMZ the external part of the
web servers, leaving no route of access from the internet to your DB.



Quote:> Hello all,
>     Currently my company is running our e-commerce website all on one
E250
> Machine.  This includes running both the webserver, and the database
on the
> single machine.  I've gotten the O.K. to get new hardware to make the
site
> as fast and stable as possible.  (It's pretty stable now, but I'd like
to
> make it faster and more secure).  My question is this:

> What's the best hardware/network configuration to do this?

> Right now the E250 is sitting in a DMZ, but that means the database is
also
> in the DMZ.  This is what I'd like to do:

> Have a dedicated machine to run the website sitting in the DMZ and
have the
> database behind the firewall, just adding holes in the firewall for
the
> webserver to access the database behind it.

> Is this optimal or is it better to have the whole shebang on one
computer,
> i.e. not do anything to our current setup?  Are there any sources of
> information that are good for advising on these kinds of questions?
Thanks
> for any help.

Sent via Deja.com
http://www.deja.com/

 
 
 

Advice on hardware configuration

Post by Rich Tee » Fri, 26 Jan 2001 15:32:54



> Have a dedicated machine to run the website sitting in the DMZ and have the
> database behind the firewall, just adding holes in the firewall for the
> webserver to access the database behind it.

I think what you're proposing is probably the best way to do it.  The O'Reilly
firewall book has some tips on setting up a database behind a firewall.
Depending on the contents of the database, it may not even be worth hiding
it behind the firewall.

--
Rich Teer

President,
Rite Online Inc.

Voice: +1 (250) 979-1638
URL: http://www.rite-online.net