Best practice?

  • I'm sure I'll get mixed reviews on this, but I'm looking for some opinions and best practices. I'm setting up 2 servers for my business (small business). At minimum there will be one domain with Active Directory. 1 server will be the main business server while the other a webserver. I'll be setting up SQL 2005 on both. The OS for both is Server 2003 Enterprise. Now, in doing this, is it best practice to have 1 domain for both servers, 1 domain and 1 sub domain or two completely different domains for both? Also since the webserver will be configured for all the web stuff, should I run the internal intranet from this box or should I configure the main server to run the intranet?

    FYI:

    The SQL Server on the main will run some internal apps. Accounting, statistics, reporting, etc.

    The SQL Server on the webserver will of course run potential website(s), might do some FTP stuff, and might be used to run jobs and stuff for clients and give them a place to upload files.

    The biggest questions are the domain questions though.

    Thanks

    Strick

  • General best practice would have the webserver doing just that and no more (i.e. https/ftp) ... it serves the webpages and talks to other servers through a firewall so that even if it were compromised, you would have additional protection on your real data (whether that be databases, financial documents etc). Of course it isn't usually a good idea to put the database server on the domain controller either but with 2 machines you don't have much choice.

    You should probably ask yourself a few questions:

    1) Do you really need a domain for 2 machines?

    2) Can all the databases live on one server?

    3) Are you confident in your ability to secure the web server enough that it "cannot" be easily hacked?

    I'm not an expert by any means, but the more layers you have between the web and your sensitive data the better. I'm not sure if virtual server software would allow you to split the webserver securely.

    What do you mean by "run the intranet"?

    "The SQL Server on the webserver will of course run potential website(s), might do some FTP stuff, and might be used to run jobs and stuff for clients and give them a place to upload files."

    You don't need SQL to be on the web server for any of these things, just IIS.

  • Running SQL and IIS on a 2-server domain is not good practice. As already mentioned, best practice says that IIS should be isolated to its own server.

    The other issue is that it is recognised bad practice to run SQL on a Domain Controller. Although some people have done this on very small domains, you are increasing security and performance risks by doing so. See for details:

    http://www.sql-server-performance.com/faq/domain_controller_performance_p1.aspx

    http://www.microsoft.com/sql/prodinfo/previousversions/securingsqlserver.mspx

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017, 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara

  • We used to have 4 servers here and I never ran a domain. It isn't needed and we can sync accounts that need to be synced.

    I'd honestly set up both as standalone servers and put the web database on the non-web server, using a SQL Auth account to connect only with rights to the web database.
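
The setup suggested in the post above, sketched in T-SQL as an added example (not part of the thread): a SQL Authentication login on the internal server that can enter only the web database. The names WebSiteDb and web_app and the password placeholder are assumptions, and the script assumes WebSiteDb already exists.

```sql
-- Added example; WebSiteDb, web_app and the password are hypothetical placeholders.
-- Run as a sysadmin on the internal (non-web) SQL Server 2005 instance.
USE master;
GO
-- SQL Authentication login, so no domain trust is needed between the two servers.
-- CHECK_POLICY applies the Windows password policy (available on Server 2003).
CREATE LOGIN web_app
    WITH PASSWORD = '<replace-with-long-random-password>',
         DEFAULT_DATABASE = WebSiteDb,
         CHECK_POLICY = ON;
GO
USE WebSiteDb;
GO
-- Map the login into the web database only. It gets no user in the
-- accounting or reporting databases, so it cannot open them.
CREATE USER web_app FOR LOGIN web_app WITH DEFAULT_SCHEMA = dbo;
GO
-- Data access only: read and write rows, run stored procedures.
-- No db_owner, no db_ddladmin, no server roles.
EXEC sp_addrolemember N'db_datareader', N'web_app';
EXEC sp_addrolemember N'db_datawriter', N'web_app';
GRANT EXECUTE ON SCHEMA::dbo TO web_app;
GO
-- Verify from the login's own point of view.
EXECUTE AS LOGIN = 'web_app';
-- Server roles the login holds (sysadmin should be 0).
SELECT IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;
-- Databases the login can actually enter.
SELECT name FROM sys.databases WHERE HAS_DBACCESS(name) = 1;
-- Effective permissions inside the web database.
SELECT permission_name FROM fn_my_permissions(NULL, 'DATABASE');
REVERT;
GO
```

The web server's connection string then uses this login, and the firewall between the two machines only needs to allow the web server to reach the SQL Server port.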

  • Thanks guys,

    Yeah, I know it's not good practice to have servers doing multiple roles (i.e. Active Directory and SQL DB on same server) or (IIS and SQL DB on same server) but of course my business is working with a limited budget right now. This is a very small (less than 5 people) business with really good potential and people, but just don't have the hardware just yet. I imagine after an increase in business and services we provided, we'll be able to begin separating the roles of some of our servers as we acquire more servers.
