• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 209
  • Last Modified:

2 x 200 servers one internet

Hello Eperts,
i have 2 clients to wich are in the same biulding both clients have a dc each sharing the internet, they both want to to be isolated from each other so i though easy i will just run a couple of routers? BUT, they want to share a particular application on one of the servers?
can you shed some light on this to how i could go about it?

Cheers
m8trex
0
m8trex
Asked:
m8trex
2 Solutions
 
Leon FesterCommented:
Isolate each network firstly by:running on different IP ranges(i.e. segment the network)

Consider installing a suitable software firewall between the two networks, may I recommend ISA Server 2004 - I'm biased OK :)

Install Shared application on firewall server.
0
 
prueconsultingCommented:
Firstly comment to above poster. Installing applications on a firewall is a bad idea.. A firewall should be a host that is only used for that reason.



You can isolate them a number of different ways.

Put them on different Ip ranges and Vlans if they are sharing the same switching infrastructure.

Place a firewall device of <insert favourite flavour here> since I am not biased as to any vendors product or solution. Create an acl which will allow the other client network to access the application server.


Or if there is a security concern.

Put the application server into vlan 3 running on a seperate ip range behind the firewall and create Acls to allow and disallow access from each perspective client which wiill be accessing it .

Obviously the application will have some dependance on how this is implemented.
0
 
m8trexAuthor Commented:
thanks guys,
I have also done a bit more investigating,
is it possible to have a router/ dsl modem in one ip rage then run into seperate routers in differnet ip ranges with subnet 255.255.255.0
then run a ms virtual server 2005 on one of the dc2000 servers and run a seperate lan card back into router/ dsl modem range on output?



Thanks for you advise
m8trex
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
prueconsultingCommented:
Yes this is possible.
0
 
m8trexAuthor Commented:
thanks prueconsulting,
security wise and stability would you think this would be a good option?
just seems easier?

Ta m8trex
0
 
prueconsultingCommented:
This is very similar to the suggestion of using VLANs to segregate. If implemented properly it can be very secure and stable.
0
 
cduke250Commented:
don't use vlans unless you have too.  

I would opt for a single router in the middle with at least 4 ports.

1 port goes to your computer
2 port goes to other computer
3 port is configured as "DMZ" de-militarized zone" where the application will be installed on a computer and plugged in to this port.. Then you can both access it but not each other.
4 port is the "WAN" port that connects to your cable/dsl modem, or your higher up router.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now