Do i still need Public IP address?

Posted on 2007-12-01
Last Modified: 2010-04-30
I have a desktop application i was trying to convert for Web access. The application is for the Head office and 5 other branches.I have already suggested VSAT installations to my client before now.

A colleague then suggested i should use ASP for the web services.That it would be easier for the branches to have access via the internet.But that i would also need a Public IP address for the branches to be able to have access to the application on the NET.

How far away am i from reality? Do i also truely need a Public IP address for this application to run?What other hardware/software infrastructure have i missed out that i have to include for this project to be successful.

I have never handled an Enterprise solution of this magnitude before....please tutor me.
Question by:ukconcepts
  • 3
  • 3
  • 2
  • +2
LVL 19

Expert Comment

ID: 20389291
how do the other branches connect to youe brach? is there a connection at all?
if so, then you can utilize that connection in order to allow the other branches to connect to your app.

if they currently have no direct link to your office, then they will need one.  a possible option is an external IP address that they can connect to.  (you can get a domain name too if you wanted)

where i work we have dedicated ISDN or t-3 connection to all of our offices so we don't haev to be opn to the public

Author Comment

ID: 20389348
Thanks Weellio.

No connection has been established yet.I only proposed a VSAT connection.I was worried that should that i have an alternative?

which one is external IP address again? Thought am familiar with Public and Private.

The ultimate is what infrastructures(step by step) do i need to put in place for the branches to have access to my database as well as customers to be able to view their statements on the internet

Step by step please....
LVL 20

Expert Comment

ID: 20389444
I am confused,
Are you asking if you have to have a public IP for you web app to be accessed ?
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

LVL 19

Accepted Solution

weellio earned 500 total points
ID: 20389449
first i'd have the application working in house before you mess with externall connections..

next i'd get the plan for setting up external connections. assuming you have internet access you will have an external address already. (although dynamic and not static)

you can test the application with the dynamic ipaddress (your network guy shoudl tell you what this is or how to get it - or look at the router to find it)

once you have tested your application with the dynamic ip addres to make sure the scurity is correct, then you can link it to a static ip address.. to get this you will have to contact your ISP and set one up (they cost a lot more $$$)

now that you have everything in polace you will need to make sure it is secure.. firewalls, DMZ's, IDS,. etc,

does this help?

Author Comment

ID: 20389458

Yes. or what exactly do i order that

1. All the branches can have access to the application
2. The customers that could be anywhere could also have access to their statements

Any suggestion would help

Expert Comment

ID: 20390109
So, the answer to your question is "yes" then. If you (a) have sites that do not already have a common LAN or private WAN or VPN-solution accomplishing the same and/or (b) folks will have to get to it over the internet to view the content --- it'll have to have a public IP.

As far as a step-by-step process to make it all happen, the algorithm is complex. At a very, very high and basic level:

(1) Get a couple circuits and a few public IPs from multiple carriers (Verizon, L3, Qwest) where database lives
(2) Determine how they'll reference the IP address -- might need to get this into DNS, maybe not depending
(3) Connect circuits to redundant FW "feature set" routers using a high availability protocol such as HSRP
(4) Put at least one public IP from each carrier on each router in a highly-available configuration
(5) Use redundant switches on the inside for database server -- assuming it's a multihomed HA cluster, connect each NIC to a different switch.
(6) Between "outside" routers and the "inside" switches place an enterprise firewall cluster - locked down tightly. Also use your favorite intrusion detection system at the "inside" switch.
(7) Encrypt the traffic using something strong, at minimum SSL, an IPsec VPN solution is best though.
(8) Branch(es) can connect to database -- IMO, I'd just serve up the DB requests - letting branch location(s) take care of actual statements and such, hitting the database for replication as needed. Otherwise, it's just too risky with the nature of that type of data.

Diagram:    (hopefully the pre tags work)


            ---- public/routed ----   |  ---- private/switched ----

| ISP 0 |   -->|*********|   -->|***********|   -->|**********|   -->|******************|
               | Routers |      | Firewalls |      | Switches |      | IDS and Services |
| ISP 1 |   -->|*********|   -->|***********|   -->|**********|   -->|******************|


Hopefully that helped give you a nudge in the right direction.


Expert Comment

ID: 20390117
Darn pre tags didn't work.  I think it's still readable though.

Author Comment

ID: 20390536

you can make it simple for me. Are you suggesting i talk to an ISP?

I want my Database Server and possibly my Web Server resident in my clients office. What do i do?


My Database Server in the client's office and the Web Server with a host provider.

I dont quite get what you mean by Internet access in this context.Because i do have internet connectivity and my client has a website already. CAN i still use this Website.

I have tested my application all on one machine and it works fine. My fear is when i separate the Database Server and the Web Server....will it still work?
LVL 51

Expert Comment

ID: 20390651
> Yes. or what exactly do i order that
> 1. All the branches can have access to the application
> 2. The customers that could be anywhere could also have access to their statements

if your branches are connected via some kind of leased line, then you don't need a public IP
if your branches and customers connect through "internet" then you need a public IP 'cause you cannot be reached otherwise through internet
LVL 19

Expert Comment

ID: 20391590
my context is,.. if you can get to the internet, then you aleady have a public ipaddress...
thus,... you need to make sure your application works(not locally, but over the internet),. before you even bother with getting the static external address.

you mention that you alreay have a website. who 'hosts' this website? is it hosted onsite of offsite? you may be able to set it up to log in through the website depending on your current configuration.

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Martin
Here are a few simple, working, games that you can use as-is or as the basis for your own games. Tic-Tac-Toe This is one of the simplest of all games.   The game allows for a choice of who goes first and keeps track of the number of wins for…
Background What I'm presenting in this article is the result of 2 conditions in my work area: We have a SQL Server production environment but no development or test environment; andWe have an MS Access front end using tables in SQL Server but we a…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question