Solved

Setting up a Colo Web Farm

Posted on 2007-03-20
Last Modified: 2013-12-25
Currently: We have six dedicated servers, hosted with a company. We do not own the servers.

The Need: To purchase servers and additional hardware and move to a colocated environment. Servers will all be Windows 2003 Server based.

The Question: What do we need, hardware-wise?

More Details: Currently, everything is set up for us. We have six dedicated servers and about 20 e-commerce sites split among them (with one server hosting MS SQL Server). We plan to purchase seven new servers (1 MSSQL box, 1 backup box, 1 image server, and 4 web servers). We will also be adding at least four more servers over the coming year. We know how to purchase the servers. The question that comes into play is how best to set up and secure everything.

1: For instance, the DB server should not be accessible via the internet as it stores sensitive information. So how do we go about doing this? Are the dual integrated NICs on all the servers enough? Is there something we need router-wise to accomplish having a public and private network? What about a firewall?

2: Also -- how do we go about defining how IP addresses and nameservers are handled? Right now, each of our web servers has about 20 IP addresses assigned to it. This would certainly need to be the case going forward, as we have multiple SSL certs and various apps that need a dedicated IP address. Are we going to need to set up our own name server, and if so, can Windows 2003 handle this, or do we need some other hardware? For instance, what happens if we need to move a website from one server to another (server 1 fails, we have a complete backup on server 2 -- we need to get that site up on server 2 ASAP). Do we tell the router how to redirect traffic, or is this something a DNS server handles?

I would gladly pay for these answers, but after trying a couple of the "guru" sites, along with all the major web hosting forums, we've come up short-handed. We get piecemeal answers to our questions, and we've even offered to pay for the help! EE, you're my last hope at getting pointed in the right direction!

I apologize if I've asked too many questions -- I'll gladly split these up into multiple questions if need be.
0
Question by:1BC
2 Comments
 
LVL 30

Accepted Solution

by:IanTh
IanTh earned 250 total points
ID: 18770140
Well, I can answer a few points.

Point 1. Well, a good way to do a secure connection is by a second network, where your DB server, for instance, is on a separate subnet from your main servers. This way your servers can get what they require, but the external client cannot get anything from that subnet. This can be achieved by a second NIC with a crossover cable to the DB server.
Point 2. Windows 2003 can do this, but it would be a good idea to have 2 DNS servers yourself. The problem you're going to have with moving IP addresses is that DNS propagation can take up to 72 hours, and your server visibility would be affected in this way. I would think using clustering may overcome this problem.
0
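
The two-network layout described in the accepted answer can be checked against a server inventory before go-live. This is an added example, not part of the original post; the host names, addresses, inventory format and the `ip_forwarding` field are constructed for illustration, with 203.0.113.0/24 standing in for the public range and 1433 being the default SQL Server port.

```python
import ipaddress

# Constructed sample inventory (hypothetical hosts and addresses, not from the post).
# 203.0.113.0/24 stands in for the colo's public range, 10.10.0.0/24 for the back-end subnet.
BACKEND = ipaddress.ip_network("10.10.0.0/24")
INVENTORY = {
    "web1": {"role": "web", "nics": ["203.0.113.10", "10.10.0.11"], "ip_forwarding": False,
             "listeners": [("203.0.113.10", 443)]},
    "web2": {"role": "web", "nics": ["203.0.113.20"], "ip_forwarding": False,
             "listeners": [("203.0.113.20", 443)]},
    "web3": {"role": "web", "nics": ["203.0.113.30", "10.10.0.13"], "ip_forwarding": True,
             "listeners": [("203.0.113.30", 443)]},
    "db1":  {"role": "db", "nics": ["10.10.0.5"], "ip_forwarding": False,
             "listeners": [("10.10.0.5", 1433)]},
    "db2":  {"role": "db", "nics": ["10.10.0.6", "203.0.113.40"], "ip_forwarding": False,
             "listeners": [("0.0.0.0", 1433)]},
}

def on_backend(addr):
    return ipaddress.ip_address(addr) in BACKEND

def audit(inventory):
    """Return a sorted list of (host, finding) for hosts that break the two-network plan."""
    findings = []
    for host, cfg in inventory.items():
        front = [a for a in cfg["nics"] if not on_backend(a)]
        back = [a for a in cfg["nics"] if on_backend(a)]
        if cfg["role"] == "db":
            if front:
                findings.append((host, "db host has a front-end address: " + ", ".join(front)))
            for bind, port in cfg["listeners"]:
                # 0.0.0.0 binds every NIC, so it only stays private if no front-end NIC exists
                if (bind == "0.0.0.0" and front) or (bind != "0.0.0.0" and not on_backend(bind)):
                    findings.append((host, f"port {port} reachable from the front-end network"))
        if cfg["role"] == "web":
            if not back:
                findings.append((host, "no back-end NIC, cannot reach the db subnet"))
            if front and back and cfg["ip_forwarding"]:
                # a dual-homed host that routes would bridge the public and private networks
                findings.append((host, "IP forwarding enabled on a dual-homed host"))
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in audit(INVENTORY):
        print(f"{host}: {finding}")
```
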
 
LVL 1

Assisted Solution

by:tcibrian
tcibrian earned 250 total points
ID: 19113812
OK,
I understand how you have struggled to find a comprehensive answer to your questions... I operate a small data center in LA with many aspects of the situations that you are describing in your question. One of the reasons that I like to participate in some of these forums is that it gives me an opportunity to share the knowledge that others have given to me and also help others avoid some painful pitfalls that I have experienced in the past. That being said, if you want to email me @ support@t3networks.net I will try to help you in great detail! Otherwise, when I am not so tired, I can post a proper response in this question.

However, to respond to the previous answer... if you have your own SOA DNS servers for the zones in question, any changes that you make to that zone can be reflected immediately to the entire DNS system. You can also set up a secondary host record for the backup site, and if the primary lookup fails then the secondary will respond... but there are many ways to accomplish what you are trying to achieve!

Good Luck!
Brian
0
