rljack01
asked on
How do I setup MS Server 2003 x64 r2 to be an e-commerce server?
How do I setup MS Server 2003 to be an e-commerce server?
also
Which is better to use:
1- SBS 2003 r2 or
2- MS Server 2003 64 bit Standard or
3- MS Server 2003 x64 Enterprise edition?
I am new at this and I'm setting up a small e-commerce site.
Where the best place for me to learn about web applications or to get a packaged suite?
Thanks, rljack01
also
Which is better to use:
1- SBS 2003 r2 or
2- MS Server 2003 64 bit Standard or
3- MS Server 2003 x64 Enterprise edition?
I am new at this and I'm setting up a small e-commerce site.
Where the best place for me to learn about web applications or to get a packaged suite?
Thanks, rljack01
ASKER
RE: SBS and Web Server
Although SBS 2003 r2 Premium, which I have, seemed to be a good option to me I was advised against it by an SBS Security consultant.
Advice received:
"If your objective is to provide a web server for commerce, you are better to use a dedicated box for this function, and reduce the attack surface to the bare minimum of services (HTTP/HTTPS and maybe RDP). SBS is a great platform as a single office intranet server with external access to business assets for employees (ie VPN, RWW etc). However, you should NOT be exposing IIS to the world.... especially if you wish to complete credit card transactions on the server, as regulatory compliance such as PCI DSS make it much more difficult."
"You should keep the SBS box for office use. Use a separate server dedicated for secure transaction functionality (ie: shopping cart) which can be exposed to the world. In this way, you effectively DMZ your corporate information and access from the public access to complete online transactions. If you dont wish to manage another box, consider renting a Srv03 SE virtual machine from Own Web Now."
rljack01
Although SBS 2003 r2 Premium, which I have, seemed to be a good option to me I was advised against it by an SBS Security consultant.
Advice received:
"If your objective is to provide a web server for commerce, you are better to use a dedicated box for this function, and reduce the attack surface to the bare minimum of services (HTTP/HTTPS and maybe RDP). SBS is a great platform as a single office intranet server with external access to business assets for employees (ie VPN, RWW etc). However, you should NOT be exposing IIS to the world.... especially if you wish to complete credit card transactions on the server, as regulatory compliance such as PCI DSS make it much more difficult."
"You should keep the SBS box for office use. Use a separate server dedicated for secure transaction functionality (ie: shopping cart) which can be exposed to the world. In this way, you effectively DMZ your corporate information and access from the public access to complete online transactions. If you dont wish to manage another box, consider renting a Srv03 SE virtual machine from Own Web Now."
rljack01
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I do not require AD for the eCommerce application but I have Server 2003 and Sql 2k5 and ISA 2004.
Is that all that is needed except for SSL for an eCommerce site?
I have standard cable HSI service currently. Is that what you meant?
I think that I'm going to interface with eBay istead of a standalone eCommerce site as that will give me ordering security especially with PayPal functionality within eBay.
The cost / benefit, as far as I know, of working through eBay has more advantages that justify the costs. However, I may not be currently aware of all costs and any Risk mitigation requirements. But I'll have to revisit that if subsequently I learn that there are additional costs.
Initially I'll start rather small and when I earn adequate income I may be able to invest in a hosted server that would offload system maintenance from me while providing other benefits.
I have a trial (120 days) copy of MS VPC 2007 and a full copy of an earlier MS VPC. What are the benefits of using VPC vs. my having an onsite server or a hosted server?
rljack01
Is that all that is needed except for SSL for an eCommerce site?
I have standard cable HSI service currently. Is that what you meant?
I think that I'm going to interface with eBay istead of a standalone eCommerce site as that will give me ordering security especially with PayPal functionality within eBay.
The cost / benefit, as far as I know, of working through eBay has more advantages that justify the costs. However, I may not be currently aware of all costs and any Risk mitigation requirements. But I'll have to revisit that if subsequently I learn that there are additional costs.
Initially I'll start rather small and when I earn adequate income I may be able to invest in a hosted server that would offload system maintenance from me while providing other benefits.
I have a trial (120 days) copy of MS VPC 2007 and a full copy of an earlier MS VPC. What are the benefits of using VPC vs. my having an onsite server or a hosted server?
rljack01
ASKER
The issue of bandwidth cost is a concern. I will look closely at the cost / benefits of a hosted solution.
For the list prodided by yourself for a small site Small Business Server Premium would be good as it would provide sql for your databases(All be it you could use mysql as another option) But it would also provide ISA, which of course setup correctly would provide a good software firewall. But this in mind has alot of features that you would most likely not use such as active directory.. So to go for this option for ISA alone wouldnt be worth it.
Heres a good breakdown of features that each version provides.
http://www.microsoft.com/technet/windowsserver/evaluate/features/compare.mspx
Kind Regards
Steve