• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 209
  • Last Modified:

2 x 200 servers one internet

Hello Eperts,
i have 2 clients to wich are in the same biulding both clients have a dc each sharing the internet, they both want to to be isolated from each other so i though easy i will just run a couple of routers? BUT, they want to share a particular application on one of the servers?
can you shed some light on this to how i could go about it?

2 Solutions
Leon FesterCommented:
Isolate each network firstly by:running on different IP ranges(i.e. segment the network)

Consider installing a suitable software firewall between the two networks, may I recommend ISA Server 2004 - I'm biased OK :)

Install Shared application on firewall server.
Firstly comment to above poster. Installing applications on a firewall is a bad idea.. A firewall should be a host that is only used for that reason.

You can isolate them a number of different ways.

Put them on different Ip ranges and Vlans if they are sharing the same switching infrastructure.

Place a firewall device of <insert favourite flavour here> since I am not biased as to any vendors product or solution. Create an acl which will allow the other client network to access the application server.

Or if there is a security concern.

Put the application server into vlan 3 running on a seperate ip range behind the firewall and create Acls to allow and disallow access from each perspective client which wiill be accessing it .

Obviously the application will have some dependance on how this is implemented.
m8trexAuthor Commented:
thanks guys,
I have also done a bit more investigating,
is it possible to have a router/ dsl modem in one ip rage then run into seperate routers in differnet ip ranges with subnet
then run a ms virtual server 2005 on one of the dc2000 servers and run a seperate lan card back into router/ dsl modem range on output?

Thanks for you advise
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Yes this is possible.
m8trexAuthor Commented:
thanks prueconsulting,
security wise and stability would you think this would be a good option?
just seems easier?

Ta m8trex
This is very similar to the suggestion of using VLANs to segregate. If implemented properly it can be very secure and stable.
don't use vlans unless you have too.  

I would opt for a single router in the middle with at least 4 ports.

1 port goes to your computer
2 port goes to other computer
3 port is configured as "DMZ" de-militarized zone" where the application will be installed on a computer and plugged in to this port.. Then you can both access it but not each other.
4 port is the "WAN" port that connects to your cable/dsl modem, or your higher up router.

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now