F
ffrugone
Hi,
I'm setting up a new server computer to be a database server. It will
run Windows 2003, SQL Server 2005 and host two databases. Our office
network consists of a 'Main Office' and three branch locations. I am
installing it at the 'Main Office'.
At the 'Main Office', I have a SDSL 1.1Mbps Modem/Router with four
static IP addresses connected to the internet. Inside of that,
(connected to one of the static IP addresses) I have a Linksys RV08
VPN router: it handles VPNs to each of the branch locations, (handled
at each of the branch locations by a Linksys WRV54G) erects a
firewall, and has four workstations plugged into it. Finally, also at
the 'Main Office', there is a Windows 2003 R2 domain controller. It
is dual-homed, (two ethernet cards). It also serves as a file, mail,
DNS, and antivirus server. One ethernet connection is public - to a
static IP on the SDSL router. That connection is firewalled, allowing
in only mail and http, (Outlook Web Access) requests. The other
ethernet connection is private - to the Linksys RV08. That connection
is not firewalled and handles all of the traffic from the
workstations.
My question is this:
1st Scenario - Should I connect the new SQL Server computer inside the
VPN, (connecting to a dynamic IP on the Linksys RV08) outside the VPN,
(connecting to a static IP on the SDSL router) or both? I'm afraid
that if I put it inside the VPN that the VPN overhead will slow down
the queries, (Linksys routers are not very expensive).
2nd Scenario - However, if I put it outside of the VPN, there might
be a security risk, (perhaps a SQL attack from the internet) and I
would have to reconfigure the domain controller to allow
authentication, DNS, and antivirus communication over the public
interface.
3rd Scenario - Finally, I could make the machine dual-homed. One
interface could be public, with a static IP address (handling all of
the SQL queries) and the other could be private, with a private IP
address (handling the authentication, DNS and antivirus). I'm afraid
that if I make it dual-homed though, that it would take up processing
power.
I have created a diagram with the three scenarios illustrated for
better understanding.
http://img104.imagevenue.com/view.php?image=04912_SQL_Question_Permutations_122_715lo.jpg
Can anyone tell me which way to go?
Thanks
I'm setting up a new server computer to be a database server. It will
run Windows 2003, SQL Server 2005 and host two databases. Our office
network consists of a 'Main Office' and three branch locations. I am
installing it at the 'Main Office'.
At the 'Main Office', I have a SDSL 1.1Mbps Modem/Router with four
static IP addresses connected to the internet. Inside of that,
(connected to one of the static IP addresses) I have a Linksys RV08
VPN router: it handles VPNs to each of the branch locations, (handled
at each of the branch locations by a Linksys WRV54G) erects a
firewall, and has four workstations plugged into it. Finally, also at
the 'Main Office', there is a Windows 2003 R2 domain controller. It
is dual-homed, (two ethernet cards). It also serves as a file, mail,
DNS, and antivirus server. One ethernet connection is public - to a
static IP on the SDSL router. That connection is firewalled, allowing
in only mail and http, (Outlook Web Access) requests. The other
ethernet connection is private - to the Linksys RV08. That connection
is not firewalled and handles all of the traffic from the
workstations.
My question is this:
1st Scenario - Should I connect the new SQL Server computer inside the
VPN, (connecting to a dynamic IP on the Linksys RV08) outside the VPN,
(connecting to a static IP on the SDSL router) or both? I'm afraid
that if I put it inside the VPN that the VPN overhead will slow down
the queries, (Linksys routers are not very expensive).
2nd Scenario - However, if I put it outside of the VPN, there might
be a security risk, (perhaps a SQL attack from the internet) and I
would have to reconfigure the domain controller to allow
authentication, DNS, and antivirus communication over the public
interface.
3rd Scenario - Finally, I could make the machine dual-homed. One
interface could be public, with a static IP address (handling all of
the SQL queries) and the other could be private, with a private IP
address (handling the authentication, DNS and antivirus). I'm afraid
that if I make it dual-homed though, that it would take up processing
power.
I have created a diagram with the three scenarios illustrated for
better understanding.
http://img104.imagevenue.com/view.php?image=04912_SQL_Question_Permutations_122_715lo.jpg
Can anyone tell me which way to go?
Thanks