
I need to expose our SQL Server 2008 database for access from an ASP.NET web application. This is a new task for me, so I would like to know what the basic security requirements are for configuring the software and hardware components of the web server and DB server.

Is it OK to have both Web Server (Windows Server 2008) with IIS holding ASP.NET application and SQL Server 2008 on the same machine?

Do I have to install an additional firewall, like Forefront TMG? Should it be on a separate computer?

In case a web application is hosted on an external web hosting provider's server and the SQL Server DB on our internal server, what are the pros and cons of such a configuration?

rem

1 Answer


I would say it all really depends... and I hate when people say that. Questions to ask yourself to get started:

  1. How many web servers are going to be in your environment?
  2. Can a single db server support multiple web servers?
  3. How sensitive is the data that you are hosting and allowing access to from the web server?
  4. How many CALs do you need for end users, or are you going to be paying per processor?
  5. Do you have a stateful firewall that you are behind that you could route traffic through?

I would recommend using multiple servers if you are concerned with security at all, especially if you gain performance and save money in the process.

doug_w