469,645 Members | 1,653 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,645 developers. It's quick & easy.

Web server hardware design with SQL back-end

Hi,

Still in the design process of a Windows 2003 web server with a SQL backend.
Expecting to have about 2000 visitors a day accessing lists and search
queries on a 200-300 MB db. This server will be collocated in a datacenter.
I have a few scenarios that I would appreciate in getting some
comments/criticism on:

Scenario 1:
Box 1, SBS 2003 Premium (with SQL 2000), 2GB RAM, Raid 5 HD
Based on the SBS faq, as long as visitors are not Windows authenticated, an
additional SQL Internet license is not required.
My concern with this scenario is (correct me if I'm wrong) lack of
scalability and fail-over (in the future).

Scenario 3:
Box 1, Windows 2003 Standard Edition, SQL 2000 Standard Edition, 2GB RAM,
Raid 5 HD
Do I need a processor based SQL license since it's exposed to the Internet
or is this the same case as in the SBS where an additional license is not
required?

Scenario 3:
Box 1, Windows 2003 Web Edition, 1GB RAM, Raid 1 HD
Box 2, Windows 2003 Standard Edition, SQL 2000 Standard Edition, 1GB RAM,
Raid 5 HD
Web Edition faq states that I can not deploy SQL on it. I'm guessing I can
still connect to another server's SQL.
Is this setup more secure, in the sense that the SQL is on a separate box
from the web server?

All comments are very appreciated. If you have other suggestions too, please
let me know.

Thank you

Greg


Jul 20 '05 #1
3 2338
Hi

The only option that is feasable in terms of security is the two box one.
Your web server should be on a DMZ and the database server secured behind a
firewall. I believe that you will need a per processor licence for SQL
Server see http://www.microsoft.com/sql/howtobuy/default.asp this should be
confirmed by your local microsoft dealer. As far as the hardware goes, if
you allow for expansion then you can always improve performance later if
necessary. Changes you may want to consider are a separate mirrored OS disc,
a separate disk sub-system for the log files and Raid 10 for the data files.
More on hardware can be found at:
http://www.sql-server-performance.co...e_planning.asp. You will
also need to lock down the webserver and database and plan the security
aspects of the system. See
http://www.sqlsecurity.com/DesktopDe...ndex=0&tabid=1
http://www.microsoft.com/sql/techinf...ty/default.asp
http://www.microsoft.com/security/gu...dtech/IIS.mspx

Also make sure that you have suitable backup and disaster recovery plans.
John

"Greg Adourian" <gr**@dontspam.com> wrote in message
news:F3*********************@weber.videotron.net.. .
Hi,

Still in the design process of a Windows 2003 web server with a SQL backend. Expecting to have about 2000 visitors a day accessing lists and search
queries on a 200-300 MB db. This server will be collocated in a datacenter. I have a few scenarios that I would appreciate in getting some
comments/criticism on:

Scenario 1:
Box 1, SBS 2003 Premium (with SQL 2000), 2GB RAM, Raid 5 HD
Based on the SBS faq, as long as visitors are not Windows authenticated, an additional SQL Internet license is not required.
My concern with this scenario is (correct me if I'm wrong) lack of
scalability and fail-over (in the future).

Scenario 3:
Box 1, Windows 2003 Standard Edition, SQL 2000 Standard Edition, 2GB RAM,
Raid 5 HD
Do I need a processor based SQL license since it's exposed to the Internet
or is this the same case as in the SBS where an additional license is not
required?

Scenario 3:
Box 1, Windows 2003 Web Edition, 1GB RAM, Raid 1 HD
Box 2, Windows 2003 Standard Edition, SQL 2000 Standard Edition, 1GB RAM,
Raid 5 HD
Web Edition faq states that I can not deploy SQL on it. I'm guessing I can
still connect to another server's SQL.
Is this setup more secure, in the sense that the SQL is on a separate box
from the web server?

All comments are very appreciated. If you have other suggestions too, please let me know.

Thank you

Greg

Jul 20 '05 #2
Thank you for your answers.
Do you think Win2003 Web Edition is sufficient or I would need a Windows
2003 Standard as well.

Thanks

"John Bell"

The only option that is feasable in terms of security is the two box one.
Your web server should be on a DMZ and the database server secured behind a firewall. I believe that you will need a per processor licence for SQL
Server see http://www.microsoft.com/sql/howtobuy/default.asp this should be confirmed by your local microsoft dealer. As far as the hardware goes, if
you allow for expansion then you can always improve performance later if
necessary. Changes you may want to consider are a separate mirrored OS disc, a separate disk sub-system for the log files and Raid 10 for the data files. More on hardware can be found at:
http://www.sql-server-performance.co...e_planning.asp. You will
also need to lock down the webserver and database and plan the security
aspects of the system. See
http://www.sqlsecurity.com/DesktopDe...ndex=0&tabid=1
http://www.microsoft.com/sql/techinf...ty/default.asp http://www.microsoft.com/security/gu...dtech/IIS.mspx

Also make sure that you have suitable backup and disaster recovery plans.

Jul 20 '05 #3
Hi

If you are using it to run IIS then that is what Web Edition is intended
for. This may help
http://www.microsoft.com/windowsserv...eeditions.mspx
http://www.microsoft.com/windowsserv...rview/web.mspx

You should not be running other processes on your web server as it may get
compromised.

John

"Greg A" <gr**@dontspam.com> wrote in message
news:Um*********************@weber.videotron.net.. .
Thank you for your answers.
Do you think Win2003 Web Edition is sufficient or I would need a Windows
2003 Standard as well.

Thanks

"John Bell"

The only option that is feasable in terms of security is the two box one. Your web server should be on a DMZ and the database server secured behind
a
firewall. I believe that you will need a per processor licence for SQL
Server see http://www.microsoft.com/sql/howtobuy/default.asp this should be
confirmed by your local microsoft dealer. As far as the hardware goes,

if you allow for expansion then you can always improve performance later if
necessary. Changes you may want to consider are a separate mirrored OS

disc,
a separate disk sub-system for the log files and Raid 10 for the data

files.
More on hardware can be found at:
http://www.sql-server-performance.co...e_planning.asp. You will
also need to lock down the webserver and database and plan the security
aspects of the system. See
http://www.sqlsecurity.com/DesktopDe...ndex=0&tabid=1

http://www.microsoft.com/sql/techinf...ty/default.asp
http://www.microsoft.com/security/gu...dtech/IIS.mspx

Also make sure that you have suitable backup and disaster recovery

plans.

Jul 20 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by Thomas Brathans | last post: by
35 posts views Thread by English Teacher | last post: by
reply views Thread by Cindy B | last post: by
6 posts views Thread by John | last post: by
3 posts views Thread by datapro01 | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.