May 19, 2004 at 8:34 am
I'm wondering how the "big boys" go about setting up security so that users have web access to data without compromising the security of their data and internal networks. Anyone have any ideas? I need a real-time solution - one under consideration is to use one-way replication to a server in our DMZ - however, at some point we may actually want to receive data from the DMZ as well as push out data there (so I don't see this as viable). I know this is done everyday ... can someone point me in the right direction?
Thanks,
John
May 19, 2004 at 8:39 am
I've run with a setup that had the workhorse server sitting on it's own vlan behind a firewall. Data is replicated from this server out to a couple of SQL servers in another vlan. Data is sent to those via replication. These are used for all reporting purposes, and rather than put the SQL servers out in the dmz a firewall rule is in place to allow only traffic from certain ip addresses to reach the reporting servers.
Writing to the main server would essentially be the same thing, open up a port in the firewall, but limit further the ip addresses able to access the server and the ports that are open and carefully lock down a user account that you will use to write data.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply