Hosted Webserver Question

Posted on 2012-09-22
Last Modified: 2014-09-30
Hi. I am doing an assignment for a course where a fictitious company hosts a public facing website which also doubles as a Intranet server for the internal company LAN. I don't want the internal LAN to bottleneck the company website connection (which is to a fibre optic connection) and thought the best way would be to create the website in a DMZ and have two NICs - one to be used to connect the server to the fibre optic connection and the other to connect to the internal LAN. I could then set up the NICs to connect to a switch which would have two VLANs - one VLAN would be for the internal network users and the other would be to connect the web server to the internet - which I am thinking would be via a router to which the aforementioned switch would be connected. That way both internal users could access the internet and the website could be available to the world without being on the same broadcast domain. This might all be hogwash though, as I am by no means a network guy and am doing this assignment as part of an overall IT course.

Any help/advice would be greatly received.
Question by:carygrant
    LVL 36

    Accepted Solution

    ideally the two web servers should be on different physical (or virtual) servers.

    if they are on the same server, then they should be bound to different addresses, these addresses could be in the same subnet.

    they should be bound to different addresses so that appropriate firewall rules can be set to only allow access to the Intranet site from internal addresses while allowing all to access the Internet site, and to allow HTTPS to be used for both sites.

    you appear to be suggesting having the web server in parallel with the firewall from the internal network to the DMZ, can you see the problem with this ?

    why are you concerned about broadcast domains ?

    Author Comment

    Thanks for the info and apologies about the delay in getting back.

    So a good solution might be to have the web server on one virtual or physical server and the Intranet server on another virtual or physical server. I was thinking they should be on different broadcast domains because it would stop the internal packets from being transmitted on the same domain as the Internet server. I am concerned about maintaining a good data transfer rate for the company web server to the outside world and did not want it being slowed down by communications emanating from the internal LAN. Perhaps I just need them to be on different collision domains and might best achieve this by using a switch/VLAN configuration to separate them.

    I hope this makes sense!

    I guess then I could just have the company website in the DMZ and the Intranet server behind it.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Suggested Solutions

    The viewer will learn how to dynamically set the form action using jQuery.
    The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now