WINDOWS SERVER 2012 R2 STANDARD IIS AND FILE SERVER.

We have a WINDOWS 2012 R2 STANDARD setup which is currently being used as a File and Sage Accounts & Payroll server.

We now have a requirement to host a number of Domain Websites on it (re: not Intranet) - if we add the necessary IIS roles etc in order to do this would there be any negative issues to its current role, any additional costs / licenses involved etc?

Thank You.
awall2012Asked:
Who is Participating?
 
Harper McDonaldCommented:
Personally, I would either build out another VM / or physical server for the websites (or have them hosted offsite) - sounds like too many point of single failure, especially with a server running payroll.
0
 
DMTechGrooupCommented:
A lot depends on how much traffic you expect, what types of web languages you might need (asp, php, etc).. Its ideal to have it on its own server but it can be locked down pretty well.  But I agree that hosting them offsite is preferred.. someplace like 1&1 offers unlimited linux or windows hosting for 4 bucks a month.. $48 bucks a year to host unlimited web sites with a 99.9% uptime is not bad.  Do you need any cross firewall sharing like a SQL DB or something?
0
 
Dan McFaddenSystems EngineerCommented:
Negative issues... yes.  You will now have to expose your server to the Internet in order to bring those websites online.  This presents the issue that everything running on the server is essentially exposed to the Internet.  Meaning, 1 forgotten configuration item, a poorly coded web site, a forgotten patch and such leaves all the data assets on the server vulnerable to being attacked.

I would never recommend deploying a file server as an Internet exposed web server.  I would absolutely NOT exposed the payroll server to the Internet as a web server.  Too much private data associated with payroll info.

The payroll item alone is a red flag.  Here are the arguments against using your existing server for hosting externally exposed web sites:

1. payroll data is stored on the server.  what would the cost to the company be, if that data was stolen?
2. accounting/book keeping data is stored on the server.  what would the cost be to the company is the accounting system was breached and the data deleted?
3. file services.  what would it cost the company if the file server went off line after the contents was taken?

So, as Harper recommended... a dedicated server is the only way to go given the existing server roles.

Dan
0
 
awall2012Author Commented:
great , thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.