We are going to be implementing a new in-house online banking platform. It
will incorporate several different servers (webserver, database server,
middleware server). I need to determine a secure method for incorporating
this into our network, and I have some questions:
1) How many DMZs do you think I should have? The webserver will go into one,
but should the database servers and middleware servers go into the same DMZ
or go into their own DMZs? Or do I just put the database and middleware
servers into our internal LAN?
2) The webserver will need to communicate with a core processing server that
resides on our internal LAN. Is there any miracle solution to allow this
communication to occur other than opening ports on the firewall?
3) How do you normally handle Windows domain membership for servers that are
in a DMZ? Do you make them part of your internal network's domain, have them
be in their own domain, or leave all of them in a workgroup?
4) Not necessarily related to the above questions, but how do you generally
determine how many DMZs to have on your network? Any particular reason you
wouldn't want to put a number of unrelated servers in a DMZ to minimize the
number of DMZs you need?
Thanks for your assistance!
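The tiered layout the question describes (webserver in a DMZ, middleware and database behind it, a core processing server on the internal LAN reachable only through opened firewall ports) can be written down as a default-deny flow policy and checked before anyone touches a firewall. The following is an added example, not part of the original post or of any answer to it: the zone names, subnets, the core-host address and the port numbers are assumptions chosen for illustration, and the policy expresses one possible design (each tier may only initiate to the next tier inward), not a recommendation drawn from the page.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan: one subnet per zone (illustrative prefixes).
ZONES = {
    "internet": ip_network("0.0.0.0/0"),
    "dmz_web": ip_network("10.10.1.0/24"),
    "dmz_mw": ip_network("10.10.2.0/24"),
    "dmz_db": ip_network("10.10.3.0/24"),
    "lan": ip_network("10.20.0.0/16"),
}

# Assumed address of the core processing server on the internal LAN.
CORE_HOST = ip_address("10.20.5.10")


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dport: int              # TCP destination port
    dst_host: object = None  # when set, only this single host may be reached


# Default-deny: only these flows may be initiated.  Each tier talks only to the
# next tier inward; only the middleware tier reaches the LAN, and only the core
# host on its service port.  Ports are assumptions.
POLICY = [
    Rule("internet", "dmz_web", 443),
    Rule("dmz_web", "dmz_mw", 8443),
    Rule("dmz_mw", "dmz_db", 1433),
    Rule("dmz_mw", "lan", 9000, CORE_HOST),
]


def zone_of(addr):
    """Longest-prefix match, so the catch-all internet zone loses to a specific subnet."""
    ip = ip_address(addr)
    best = None
    for name, net in ZONES.items():
        if ip in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


def evaluate(src, dst, dport):
    """Return (verdict, reason) for a new TCP connection src -> dst:dport."""
    sz, dz = zone_of(src), zone_of(dst)
    for r in POLICY:
        if (r.src_zone, r.dst_zone, r.dport) == (sz, dz, dport):
            if r.dst_host is not None and ip_address(dst) != r.dst_host:
                return ("deny", f"{sz}->{dz}:{dport} is only permitted to {r.dst_host}")
            return ("allow", f"matches rule {sz}->{dz}:{dport}")
    return ("deny", f"no rule for {sz}->{dz}:{dport} (default deny)")


def audit(flows):
    """Evaluate a list of (src, dst, dport) flows; returns {flow: verdict}."""
    return {f: evaluate(*f)[0] for f in flows}


def render_nft():
    """Emit an nftables forward chain that implements POLICY (default drop)."""
    lines = [
        "chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for r in POLICY:
        dst = r.dst_host if r.dst_host is not None else ZONES[r.dst_zone]
        lines.append(
            f"    ip saddr {ZONES[r.src_zone]} ip daddr {dst} "
            f"tcp dport {r.dport} ct state new accept"
        )
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample flows: the ones an architect would want rejected are
    # the web tier reaching the database or the LAN directly.
    sample = [
        ("203.0.113.7", "10.10.1.5", 443),    # client -> webserver
        ("10.10.1.5", "10.10.2.5", 8443),     # web -> middleware
        ("10.10.1.5", "10.10.3.5", 1433),     # web -> database (bypasses middleware)
        ("10.10.2.5", "10.20.5.10", 9000),    # middleware -> core host
        ("10.10.1.5", "10.20.5.10", 9000),    # web -> core host directly
    ]
    for flow, verdict in audit(sample).items():
        print(verdict.upper(), *flow, evaluate(*flow)[1])
    print(render_nft())
```

Running the block prints a verdict per sample flow and the generated nftables chain; the value is in feeding it the real flow list from the application's design document and reading every `deny` as either a missing rule or a design violation, before the firewall change request is written.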