Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 352
  • Last Modified:

Separating IIS and SQL for security

Hello,

     I have a decent sized box that is running Windows Server 2008 R2, IIS (open to the Internet), and SQL 2008 R2. Currently SQL sole purpose is to feed data to the IIS interface. The box is behind a firewall with only port 80 (HTTP) open to the Internet. Other than performance gains, if secured properly, should I bother to separate SQL and IIS into two machines? What are the PROs and CONs of this?
Thanks in advance..
0
FNDAdmin
Asked:
FNDAdmin
  • 2
  • 2
  • 2
  • +1
4 Solutions
 
PadawanDBAOperational DBACommented:
Just my 2 cents:

Cons: Increased data access latency (network latency), addition of another point of failure (network layer), more complex management, and additional hardware (or additional resource utilization of your hypervisor if you're virtualized)

Pros: Increased security (i'm always extremely loathe to have any SQL Server instance directly bordering the public world), better utilization of hardware (memory is dedicated to SQL Server only and it doesn't have to share), and better scaleability options with separate, dedicated tiers.
0
 
Trenton KnewOwner / Computer WhispererCommented:
Yeah, if you want to add an additional layer of seperation, you could put the SQL server in a VM.  the difficulty there is you need a windows license to install in the Virtual Machine.  The Microsoft Hyper-V server will allow you to configure the network adapter on your VM so that only your web server can communicate with it.
0
 
FNDAdminAuthor Commented:
No virutalization available! Physical boxes
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
Trenton KnewOwner / Computer WhispererCommented:
Honestly, if it were me... I wouldn't worry about it unless you actually started to see issues with either performance OR security.  If you start getting a lot of database calls on your SQL server and it slows down the web application, then maybe get a bigger beefier box for that then, but if there's no problems atm, why fix what isn't broken?  you can probably configure your firewall to block remote connections to the SQL server so that only localhost can access it.  The only risk of threat then is someone compromising your web server box, in which case, it probably wouldn't matter if they were seperate anyway.  If you have a good firewall appliance in place, you probably could block remote attempts to connect to your SQL service on the box anyway.
0
 
Anthony PerkinsCommented:
should I bother to separate SQL and IIS into two machines?
Absolutely, it is a must.  The way you are running both SQL and IIS on the same server is never recommended, unless this is for a small site with little traffic.  Both applications are just competing for resources.
0
 
FNDAdminAuthor Commented:
The current box this IIS/SQL machine is running on is a Dell R320 E5-2407 2.2GHz CPU and 16GB of RAM. SQL is currently consuming 1.4GB of RAM with a total system usage of 4.2GB RAM. (26% usage).

     My primary concern is security. Sorry that I did not stress that in my initial questions/post.
0
 
Anthony PerkinsCommented:
My primary concern is security. Sorry that I did not stress that in my initial questions/post.
You did, it is in the title.  I was just surprised that you were using a SQL Server installation in what is clearly not a recommended setup.  And even more surprised that your users are not complaining because of lousy performance.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now