Do i still need Public IP address?

I have a desktop application i was trying to convert for Web access. The application is for the Head office and 5 other branches.I have already suggested VSAT installations to my client before now.

A colleague then suggested i should use ASP for the web services.That it would be easier for the branches to have access via the internet.But that i would also need a Public IP address for the branches to be able to have access to the application on the NET.

How far away am i from reality? Do i also truely need a Public IP address for this application to run?What other hardware/software infrastructure have i missed out that i have to include for this project to be successful.

I have never handled an Enterprise solution of this magnitude before....please tutor me.
Who is Participating?
William ElliottConnect With a Mentor Sr Tech GuruCommented:
first i'd have the application working in house before you mess with externall connections..

next i'd get the plan for setting up external connections. assuming you have internet access you will have an external address already. (although dynamic and not static)

you can test the application with the dynamic ipaddress (your network guy shoudl tell you what this is or how to get it - or look at the router to find it)

once you have tested your application with the dynamic ip addres to make sure the scurity is correct, then you can link it to a static ip address.. to get this you will have to contact your ISP and set one up (they cost a lot more $$$)

now that you have everything in polace you will need to make sure it is secure.. firewalls, DMZ's, IDS,. etc,

does this help?
William ElliottSr Tech GuruCommented:
how do the other branches connect to youe brach? is there a connection at all?
if so, then you can utilize that connection in order to allow the other branches to connect to your app.

if they currently have no direct link to your office, then they will need one.  a possible option is an external IP address that they can connect to.  (you can get a domain name too if you wanted)

where i work we have dedicated ISDN or t-3 connection to all of our offices so we don't haev to be opn to the public
ukconceptsAuthor Commented:
Thanks Weellio.

No connection has been established yet.I only proposed a VSAT connection.I was worried that should that i have an alternative?

which one is external IP address again? Thought am familiar with Public and Private.

The ultimate is what infrastructures(step by step) do i need to put in place for the branches to have access to my database as well as customers to be able to view their statements on the internet

Step by step please....
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

I am confused,
Are you asking if you have to have a public IP for you web app to be accessed ?
ukconceptsAuthor Commented:

Yes. or what exactly do i order that

1. All the branches can have access to the application
2. The customers that could be anywhere could also have access to their statements

Any suggestion would help
So, the answer to your question is "yes" then. If you (a) have sites that do not already have a common LAN or private WAN or VPN-solution accomplishing the same and/or (b) folks will have to get to it over the internet to view the content --- it'll have to have a public IP.

As far as a step-by-step process to make it all happen, the algorithm is complex. At a very, very high and basic level:

(1) Get a couple circuits and a few public IPs from multiple carriers (Verizon, L3, Qwest) where database lives
(2) Determine how they'll reference the IP address -- might need to get this into DNS, maybe not depending
(3) Connect circuits to redundant FW "feature set" routers using a high availability protocol such as HSRP
(4) Put at least one public IP from each carrier on each router in a highly-available configuration
(5) Use redundant switches on the inside for database server -- assuming it's a multihomed HA cluster, connect each NIC to a different switch.
(6) Between "outside" routers and the "inside" switches place an enterprise firewall cluster - locked down tightly. Also use your favorite intrusion detection system at the "inside" switch.
(7) Encrypt the traffic using something strong, at minimum SSL, an IPsec VPN solution is best though.
(8) Branch(es) can connect to database -- IMO, I'd just serve up the DB requests - letting branch location(s) take care of actual statements and such, hitting the database for replication as needed. Otherwise, it's just too risky with the nature of that type of data.

Diagram:    (hopefully the pre tags work)


            ---- public/routed ----   |  ---- private/switched ----

| ISP 0 |   -->|*********|   -->|***********|   -->|**********|   -->|******************|
               | Routers |      | Firewalls |      | Switches |      | IDS and Services |
| ISP 1 |   -->|*********|   -->|***********|   -->|**********|   -->|******************|


Hopefully that helped give you a nudge in the right direction.

Darn pre tags didn't work.  I think it's still readable though.
ukconceptsAuthor Commented:

you can make it simple for me. Are you suggesting i talk to an ISP?

I want my Database Server and possibly my Web Server resident in my clients office. What do i do?


My Database Server in the client's office and the Web Server with a host provider.

I dont quite get what you mean by Internet access in this context.Because i do have internet connectivity and my client has a website already. CAN i still use this Website.

I have tested my application all on one machine and it works fine. My fear is when i separate the Database Server and the Web Server....will it still work?
> Yes. or what exactly do i order that
> 1. All the branches can have access to the application
> 2. The customers that could be anywhere could also have access to their statements

if your branches are connected via some kind of leased line, then you don't need a public IP
if your branches and customers connect through "internet" then you need a public IP 'cause you cannot be reached otherwise through internet
William ElliottSr Tech GuruCommented:
my context is,.. if you can get to the internet, then you aleady have a public ipaddress...
thus,... you need to make sure your application works(not locally, but over the internet),. before you even bother with getting the static external address.

you mention that you alreay have a website. who 'hosts' this website? is it hosted onsite of offsite? you may be able to set it up to log in through the website depending on your current configuration.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.