Link to home
Create AccountLog in
Avatar of awall2012
awall2012Flag for United Kingdom of Great Britain and Northern Ireland

asked on

WINDOWS SERVER 2012 R2 STANDARD IIS AND FILE SERVER.

We have a WINDOWS 2012 R2 STANDARD setup which is currently being used as a File and Sage Accounts & Payroll server.

We now have a requirement to host a number of Domain Websites on it (re: not Intranet) - if we add the necessary IIS roles etc in order to do this would there be any negative issues to its current role, any additional costs / licenses involved etc?

Thank You.
ASKER CERTIFIED SOLUTION
Avatar of Harper McDonald
Harper McDonald
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
A lot depends on how much traffic you expect, what types of web languages you might need (asp, php, etc).. Its ideal to have it on its own server but it can be locked down pretty well.  But I agree that hosting them offsite is preferred.. someplace like 1&1 offers unlimited linux or windows hosting for 4 bucks a month.. $48 bucks a year to host unlimited web sites with a 99.9% uptime is not bad.  Do you need any cross firewall sharing like a SQL DB or something?
Avatar of Dan McFadden
Negative issues... yes.  You will now have to expose your server to the Internet in order to bring those websites online.  This presents the issue that everything running on the server is essentially exposed to the Internet.  Meaning, 1 forgotten configuration item, a poorly coded web site, a forgotten patch and such leaves all the data assets on the server vulnerable to being attacked.

I would never recommend deploying a file server as an Internet exposed web server.  I would absolutely NOT exposed the payroll server to the Internet as a web server.  Too much private data associated with payroll info.

The payroll item alone is a red flag.  Here are the arguments against using your existing server for hosting externally exposed web sites:

1. payroll data is stored on the server.  what would the cost to the company be, if that data was stolen?
2. accounting/book keeping data is stored on the server.  what would the cost be to the company is the accounting system was breached and the data deleted?
3. file services.  what would it cost the company if the file server went off line after the contents was taken?

So, as Harper recommended... a dedicated server is the only way to go given the existing server roles.

Dan
Avatar of awall2012

ASKER

great , thanks