Solved

Separating IIS and SQL for security

Posted on 2014-01-07
Last Modified: 2014-03-04
Hello,

     I have a decent-sized box that is running Windows Server 2008 R2, IIS (open to the Internet), and SQL 2008 R2. Currently SQL's sole purpose is to feed data to the IIS interface. The box is behind a firewall with only port 80 (HTTP) open to the Internet. Other than performance gains, if secured properly, should I bother to separate SQL and IIS into two machines? What are the PROs and CONs of this?
Thanks in advance..
Question by:FNDAdmin
7 Comments
 
LVL 10

Accepted Solution

by:
PadawanDBA earned 500 total points
ID: 39762278
Just my 2 cents:

Cons: Increased data access latency (network latency), addition of another point of failure (network layer), more complex management, and additional hardware (or additional resource utilization of your hypervisor if you're virtualized)

Pros: Increased security (I'm always extremely loath to have any SQL Server instance directly bordering the public world), better utilization of hardware (memory is dedicated to SQL Server only and it doesn't have to share), and better scalability options with separate, dedicated tiers.
0
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 39762415
Yeah, if you want to add an additional layer of separation, you could put the SQL server in a VM. The difficulty there is you need a Windows license to install in the Virtual Machine. The Microsoft Hyper-V server will allow you to configure the network adapter on your VM so that only your web server can communicate with it.
0
 

Author Comment

by:FNDAdmin
ID: 39762807
No virtualization available! Physical boxes
0
 
LVL 9

Assisted Solution

by:Trenton Knew
Trenton Knew earned 500 total points
ID: 39762923
Honestly, if it were me... I wouldn't worry about it unless you actually started to see issues with either performance OR security. If you start getting a lot of database calls on your SQL server and it slows down the web application, then maybe get a bigger, beefier box for that then, but if there are no problems atm, why fix what isn't broken? You can probably configure your firewall to block remote connections to the SQL server so that only localhost can access it. The only risk of threat then is someone compromising your web server box, in which case, it probably wouldn't matter if they were separate anyway. If you have a good firewall appliance in place, you probably could block remote attempts to connect to your SQL service on the box anyway.
0
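
Added example (not part of the original thread): the host-firewall restriction discussed in the answers above, written with netsh because Windows Server 2008 R2 predates the New-NetFirewallRule cmdlets. It assumes a default SQL Server instance on TCP 1433 and SQL Server Browser on UDP 1434; the rule names and the web server address passed in are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell prompt on the SQL Server host.
# Assumptions: default instance on TCP 1433, SQL Server Browser on UDP 1434.
param(
    # Hypothetical address of a separate IIS box.
    # Leave empty for the single-box layout described in the question.
    [string]$WebServerIp = ''
)

if ($WebServerIp) {
    # Two-box layout: admit the database port from the web tier only.
    # A broader pre-existing allow rule for 1433 would still let other hosts in,
    # so review existing rules with: netsh advfirewall firewall show rule name=all
    netsh advfirewall firewall add rule name=SQL-allow-web-tier `
        dir=in action=allow protocol=TCP localport=1433 remoteip=$WebServerIp
} else {
    # Single-box layout: IIS reaches SQL Server locally, so no remote host
    # needs the port. Block rules take precedence over allow rules.
    netsh advfirewall firewall add rule name=SQL-block-remote-1433 `
        dir=in action=block protocol=TCP localport=1433
}

# With a fixed port, remote clients do not need the Browser service at all.
netsh advfirewall firewall add rule name=SQL-block-browser-1434 `
    dir=in action=block protocol=UDP localport=1434

# Check 1: the firewall must actually be on for the active profile.
netsh advfirewall show currentprofile state

# Check 2: show which addresses the instance listens on. A 0.0.0.0:1433
# listener means the port is exposed on every interface and the rules above
# are the only thing limiting who can reach it.
netstat -ano | Select-String -Pattern ':1433\s.*LISTENING'
```

After applying the rules, load the site once to confirm the application's database connection still works, then retry a connection to port 1433 from another machine on the LAN to confirm it is refused.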
 
LVL 75

Assisted Solution

by:Anthony Perkins
Anthony Perkins earned 1000 total points
ID: 39762944
"should I bother to separate SQL and IIS into two machines?"
Absolutely, it is a must.  The way you are running both SQL and IIS on the same server is never recommended, unless this is for a small site with little traffic.  Both applications are just competing for resources.
0
 

Author Comment

by:FNDAdmin
ID: 39769135
The current box this IIS/SQL machine is running on is a Dell R320 E5-2407 2.2GHz CPU and 16GB of RAM. SQL is currently consuming 1.4GB of RAM with a total system usage of 4.2GB RAM. (26% usage).

     My primary concern is security. Sorry that I did not stress that in my initial questions/post.
0
 
LVL 75

Assisted Solution

by:Anthony Perkins
Anthony Perkins earned 1000 total points
ID: 39769927
"My primary concern is security. Sorry that I did not stress that in my initial questions/post."
You did, it is in the title.  I was just surprised that you were using a SQL Server installation in what is clearly not a recommended setup.  And even more surprised that your users are not complaining because of lousy performance.
0
