Web server hardware design with SQL back-end

Hi,

Still in the design process of a Windows 2003 web server with a SQL backend. Expecting to have about 2000 visitors a day accessing lists and search
queries on a 200-300 MB db. This server will be collocated in a datacenter. I have a few scenarios that I would appreciate in getting some
comments/criticism on:

Scenario 1:
Box 1, SBS 2003 Premium (with SQL 2000), 2GB RAM, Raid 5 HD
Based on the SBS faq, as long as visitors are not Windows authenticated, an additional SQL Internet license is not required.
My concern with this scenario is (correct me if I'm wrong) lack of
scalability and fail-over (in the future).

Scenario 3:
Box 1, Windows 2003 Standard Edition, SQL 2000 Standard Edition, 2GB RAM,
Raid 5 HD
Do I need a processor based SQL license since it's exposed to the Internet
or is this the same case as in the SBS where an additional license is not
required?

Scenario 3:
Box 1, Windows 2003 Web Edition, 1GB RAM, Raid 1 HD
Box 2, Windows 2003 Standard Edition, SQL 2000 Standard Edition, 1GB RAM,
Raid 5 HD
Web Edition faq states that I can not deploy SQL on it. I'm guessing I can
still connect to another server's SQL.
Is this setup more secure, in the sense that the SQL is on a separate box
from the web server?

All comments are very appreciated. If you have other suggestions too, please let me know.

Thank you

Greg

The only option that is feasable in terms of security is the two box one.
Your web server should be on a DMZ and the database server secured behind a firewall. I believe that you will need a per processor licence for SQL
Server see http://www.microsoft.com/sql/howtobuy/default.asp this should be confirmed by your local microsoft dealer. As far as the hardware goes, if
you allow for expansion then you can always improve performance later if
necessary. Changes you may want to consider are a separate mirrored OS disc, a separate disk sub-system for the log files and Raid 10 for the data files. More on hardware can be found at:
http://www.sql-server-performance.co...e_planning.asp. You will
also need to lock down the webserver and database and plan the security
aspects of the system. See
http://www.sqlsecurity.com/DesktopDe...ndex=0&tabid=1
http://www.microsoft.com/sql/techinf...ty/default.asp http://www.microsoft.com/security/gu...dtech/IIS.mspx

Also make sure that you have suitable backup and disaster recovery plans.

Thank you for your answers.
Do you think Win2003 Web Edition is sufficient or I would need a Windows
2003 Standard as well.

Thanks

"John Bell"

The only option that is feasable in terms of security is the two box one. Your web server should be on a DMZ and the database server secured behind

a

firewall. I believe that you will need a per processor licence for SQL
Server see http://www.microsoft.com/sql/howtobuy/default.asp this should be

confirmed by your local microsoft dealer. As far as the hardware goes,

if you allow for expansion then you can always improve performance later if
necessary. Changes you may want to consider are a separate mirrored OS

disc,

a separate disk sub-system for the log files and Raid 10 for the data

files.

More on hardware can be found at:
http://www.sql-server-performance.co...e_planning.asp. You will
also need to lock down the webserver and database and plan the security
aspects of the system. See
http://www.sqlsecurity.com/DesktopDe...ndex=0&tabid=1

http://www.microsoft.com/sql/techinf...ty/default.asp

http://www.microsoft.com/security/gu...dtech/IIS.mspx

Also make sure that you have suitable backup and disaster recovery

plans.