
Hosted Webserver Question

Hi. I am doing an assignment for a course where a fictitious company hosts a public-facing website which also doubles as an Intranet server for the internal company LAN. I don't want the internal LAN to bottleneck the company website connection (which is to a fibre optic connection) and thought the best way would be to create the website in a DMZ and have two NICs - one to be used to connect the server to the fibre optic connection and the other to connect to the internal LAN. I could then set up the NICs to connect to a switch which would have two VLANs - one VLAN would be for the internal network users and the other would be to connect the web server to the internet - which I am thinking would be via a router to which the aforementioned switch would be connected. That way both internal users could access the internet and the website could be available to the world without being on the same broadcast domain. This might all be hogwash though, as I am by no means a network guy and am doing this assignment as part of an overall IT course.

Any help/advice would be greatly received.
1 Solution
Ideally the two web servers should be on different physical (or virtual) servers.

If they are on the same server, then they should be bound to different addresses; these addresses could be in the same subnet.

They should be bound to different addresses so that appropriate firewall rules can be set to only allow access to the Intranet site from internal addresses while allowing all to access the Internet site, and to allow HTTPS to be used for both sites.

You appear to be suggesting having the web server in parallel with the firewall from the internal network to the DMZ. Can you see the problem with this?

Why are you concerned about broadcast domains?
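
The point about separate addresses, modeled as an added example that is not part of the original answer: a packet filter matches on source, destination address and port, so it can only restrict the Intranet site if that site has its own destination address. All addresses, the rule format and the function names are constructed for illustration.

```python
import ipaddress

# Constructed addresses (private and documentation ranges), not from the thread.
INTERNAL_LAN = ipaddress.ip_network("10.0.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNET_SITE = ipaddress.ip_address("192.0.2.10")  # Internet site binds here
INTRANET_SITE = ipaddress.ip_address("192.0.2.11")  # Intranet site binds here
SOURCES = {"internal": "10.0.0.25", "external": "203.0.113.7"}

# Ordered rules: (source network, destination address, destination port).
# Everything listed is allowed; anything unmatched is denied.
SEPARATE_RULES = [
    (ANY, INTERNET_SITE, 80),
    (ANY, INTERNET_SITE, 443),
    (INTERNAL_LAN, INTRANET_SITE, 443),
]
# Both sites on one address: the rule the public site needs is the only
# rule a packet filter can express for that address and port.
SHARED_RULES = [(ANY, INTERNET_SITE, 443)]


def decide(src, dst, port, rules):
    """Return 'allow' if any rule matches the packet, else 'deny'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net, rule_dst, rule_port in rules:
        if src in net and dst == rule_dst and port == rule_port:
            return "allow"
    return "deny"


def reachability(sites, rules, port=443):
    """Map each site to the verdict for every sample source address."""
    return {
        name: {label: decide(src, addr, port, rules) for label, src in SOURCES.items()}
        for name, addr in sites.items()
    }


if __name__ == "__main__":
    separate = {"internet": INTERNET_SITE, "intranet": INTRANET_SITE}
    shared = {"internet": INTERNET_SITE, "intranet": INTERNET_SITE}
    print("separate addresses:", reachability(separate, SEPARATE_RULES))
    print("shared address:    ", reachability(shared, SHARED_RULES))
```

With separate addresses the external source is denied on the Intranet address; with a shared address the filter gives both sites the same verdict, and only the web server's own access controls stand between outside clients and the Intranet site.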
carygrant (Author) commented:
Thanks for the info and apologies about the delay in getting back.

So a good solution might be to have the web server on one virtual or physical server and the Intranet server on another virtual or physical server. I was thinking they should be on different broadcast domains because it would stop the internal packets from being transmitted on the same domain as the Internet server. I am concerned about maintaining a good data transfer rate for the company web server to the outside world and did not want it being slowed down by communications emanating from the internal LAN. Perhaps I just need them to be on different collision domains and might best achieve this by using a switch/VLAN configuration to separate them.

I hope this makes sense!

I guess then I could just have the company website in the DMZ and the Intranet server behind it.
