Guest JimA
Posted November 27, 2007

I currently have: an SBS2003 server SP1, a Windows server 2003 server running financials, a Windows Storage Server 2003 (64bit) for Backups, a Linux server. A custom web app was developed externally and I need to host this site in our site.

questions:

1. Our current site is hosted externally and controlled in another country.
2. We do not have an intranet, but do have RWW and Sharepoint (not being used)
3. This web app will only be used by our staff and will have no external customers. Some will be remote.

I have had little experience setting up a webserver from scratch.

1. Do I need an external domain name to have this available to external staff?
2. Do I need an External IP and where would I get this? My ISP?
3. What other type of setup is needed?

I have purchased a Blade server with Windows server 2003 and SQL for the app to reside on.

Your assistance is greatly appreciated as I must get this application up and running pretty quickly.

--
Jim A.

Guest Lanwench [MVP - Exchange]
Posted November 27, 2007

Re: setting up a webserver

JimA <JimA@discussions.microsoft.com> wrote:
> I currently have: an SBS2003 server SP1, a Windows server 2003 server
> running financials, a Windows Storage Server 2003 (64bit) for Backups,
> a Linux server. A custom web app was developed externally and I need
> to host this site in our site.

What's the justification for bringing this in house? Honestly, even if you're limiting the access to employees, opening up HTTP traffic to your LAN is rarely a good idea. A good outside hosting company can offer you security/redundancy/support that your office network can't possibly equal.

> questions:
>
> 1. Our current site is hosted externally and controlled in another
> country.

It doesn't need to be in another country, though :-)

> 2. We do not have an intranet, but do have RWW and Sharepoint (not
> being used)

Well, technically speaking, you *do* have an intranet, even if you don't use it :-) You might look into RWW for your remote users; it's "poor man's terminal server" and is quite handy.

> 3. This web app will only be used by our staff and will have no
> external customers. Some will be remote.
>
> I have had little experience setting up a webserver from scratch.
>
> 1. Do I need an external domain name to have this available to
> external staff?

No, but don't you have a registered domain name already? You could use http://<publicIPaddress> if you wanted, but I don't like having to remember IP addresses.

> 2. Do I need an External IP and where would I get this? My ISP?

Yes - you must have one already, or you would have no internet access. Ideally, if you're putting a webserver in, you should have more than one public IP, so you can set up a DMZ (demilitarized zone) and put your webserver in there. You can allow LAN-->DMZ, and WAN-->DMZ traffic, without letting WAN-->LAN on the often-exploited port 80 used for HTTP.

If you're allowing HTTP traffic into your network, it should not be allowed to touch your LAN, for reasons of security. It's quite bad enough to let in HTTPS for OWA, but you really have no choice there.

> 3. What other type of setup is needed?

If you're going to properly isolate this in a DMZ, check out http://en.wikipedia.org/wiki/Demilitarized_zone_(computing) for a guide/info.

> I have purchased a Blade server with Windows server 2003 and SQL for
> the app to reside on.
>
> Your assistance is greatly appreciated as I must get this application
> up and running pretty quickly.

For specifics about IIS, post in an IIS group. My advice above is general server networking/security stuff - HTH..
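
The zone rules described in the reply above (LAN-->DMZ and WAN-->DMZ allowed, WAN-->LAN never), as an added example that is not part of the original thread: a small first-match ruleset audit in Python. The subnets, host addresses and rule format are constructed for illustration, and blocking DMZ-->LAN is an assumption the thread does not state.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
ZONES = {"LAN": "192.168.16.0/24", "DMZ": "192.168.50.0/24"}
# Zone pairs that must never be permitted. WAN->LAN comes from the thread;
# DMZ->LAN is not addressed there, so denying it is an assumption.
FORBIDDEN = {("WAN", "LAN"), ("DMZ", "LAN")}

def zone_of(ip):
    """Return LAN or DMZ for addresses in those subnets, WAN otherwise."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "WAN"

def decide(rules, src, dst, port):
    """First matching rule wins; no match means deny (default-deny firewall)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_cidr, dst_cidr, rule_port in rules:
        if (s in ipaddress.ip_network(src_cidr)
                and d in ipaddress.ip_network(dst_cidr)
                and rule_port in (port, "any")):
            return action
    return "deny"

def audit(rules, flows):
    """Return flows the ruleset allows although the zone policy forbids them."""
    return [(src, dst, port) for src, dst, port in flows
            if (zone_of(src), zone_of(dst)) in FORBIDDEN
            and decide(rules, src, dst, port) == "allow"]

# Constructed sample hosts: web server in the DMZ, SBS box on the LAN, a remote client.
WEB, SBS, REMOTE = "192.168.50.10", "192.168.16.2", "203.0.113.25"
FLOWS = [(REMOTE, WEB, 80), (REMOTE, SBS, 80), (SBS, WEB, 80), (WEB, SBS, 445)]

# Port 80 forwarded straight to a LAN host: the setup the thread warns about.
FLAT = [("allow", "0.0.0.0/0", "192.168.16.2/32", 80)]
# DMZ layout: WAN and LAN may reach the DMZ web server, nothing reaches the LAN.
DMZ_RULES = [
    ("allow", "0.0.0.0/0", "192.168.50.10/32", 80),
    ("deny", "0.0.0.0/0", "192.168.16.0/24", "any"),
]

if __name__ == "__main__":
    print("flat network violations:", audit(FLAT, FLOWS))
    print("DMZ layout violations:  ", audit(DMZ_RULES, FLOWS))
```
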

Guest JimA
Posted November 27, 2007

Re: setting up a webserver

> JimA <JimA@discussions.microsoft.com> wrote:
> > I currently have: an SBS2003 server SP1, a Windows server 2003 server
> > running financials, a Windows Storage Server 2003 (64bit) for Backups,
> > a Linux server. A custom web app was developed externally and I need
> > to host this site in our site.
>
> What's the justification for bringing this in house? Honestly, even if
> you're limiting the access to employees, opening up HTTP traffic to your LAN
> is rarely a good idea. A good outside hosting company can offer you
> security/redundancy/support that your office network can't possibly equal.

Basically, it is being done because management wants it. I would prefer to host externally but for some unknown reason, they do not want to go that way.

> > questions:
> >
> > 1. Our current site is hosted externally and controlled in another
> > country.
>
> It doesn't need to be in another country, though :-)

At least it isn't third world.

> > 2. We do not have an intranet, but do have RWW and Sharepoint (not
> > being used)
>
> Well, technically speaking, you *do* have an intranet, even if you don't use
> it :-) You might look into RWW for your remote users; it's "poor man's
> terminal server" and is quite handy.

I do use RWW and it is quite useful and I guess that's where I am confused. The Sharepoint is an intranet so does this help in any way.

> > 3. This web app will only be used by our staff and will have no
> > external customers. Some will be remote.
> >
> > I have had little experience setting up a webserver from scratch.
> >
> > 1. Do I need an external domain name to have this available to
> > external staff?
>
> No, but don't you have a registered domain name already? You could use
> http://<publicIPaddress> if you wanted, but I don't like having to remember
> IP addresses.

Me either and the staff would never be able to handle it.

> > 2. Do I need an External IP and where would I get this? My ISP?
>
> Yes - you must have one already, or you would have no internet access.
> Ideally, if you're putting a webserver in, you should have more than one
> public IP, so you can set up a DMZ (demilitarized zone) and put your
> webserver in there. You can allow LAN-->DMZ, and WAN-->DMZ traffic, without
> letting WAN-->LAN on the often-exploited port 80 used for HTTP.

I meant to ask if I need a second one. How can I get the IP associated with a name via DNS (external)?

> If you're allowing HTTP traffic into your network, it should not be allowed
> to touch your LAN, for reasons of security. It's quite bad enough to let in
> HTTPS for OWA, but you really have no choice there.
>
> > 3. What other type of setup is needed?
>
> If you're going to properly isolate this in a DMZ, check out
> http://en.wikipedia.org/wiki/Demilitarized_zone_(computing) for a
> guide/info.
>
> > I have purchased a Blade server with Windows server 2003 and SQL for
> > the app to reside on.
> >
> > Your assistance is greatly appreciated as I must get this application
> > up and running pretty quickly.
>
> For specifics about IIS, post in an IIS group. My advice above is general
> server networking/security stuff - HTH..

Thanks

--
Jim A.

Guest Lanwench [MVP - Exchange]
Posted November 27, 2007

Re: setting up a webserver

JimA <JimA@discussions.microsoft.com> wrote:
>> JimA <JimA@discussions.microsoft.com> wrote:
>>> I currently have: an SBS2003 server SP1, a Windows server 2003
>>> server running financials, a Windows Storage Server 2003 (64bit)
>>> for Backups, a Linux server. A custom web app was developed
>>> externally and I need to host this site in our site.
>>
>> What's the justification for bringing this in house? Honestly, even
>> if you're limiting the access to employees, opening up HTTP traffic
>> to your LAN is rarely a good idea. A good outside hosting company
>> can offer you security/redundancy/support that your office network
>> can't possibly equal.
>
> Basically, it is being done because management wants it. I would
> prefer to host externally but for some unknown reason, they do not
> want to go that way.

I'd ask them why, and for specifics. You can change hosting companies to one in your own country, you know. Have you explained to them the security risks, and also that you don't have the firepower that a hosting company has available to it?

Again, if you're going to do this, it needs to be on a protected network segment so the universe at large cannot connect to your LAN/AD/whatnot. If you don't have the hardware available to you now, you might look at a SonicWALL or other "three-legged router" to create the DMZ for you easily.

>>> questions:
>>>
>>> 1. Our current site is hosted externally and controlled in another
>>> country.
>>
>> It doesn't need to be in another country, though :-)
>
> At least it isn't third world.

Heh.

>>> 2. We do not have an intranet, but do have RWW and Sharepoint (not
>>> being used)
>>
>> Well, technically speaking, you *do* have an intranet, even if you
>> don't use it :-) You might look into RWW for your remote users;
>> it's "poor man's terminal server" and is quite handy.
>
> I do use RWW and it is quite useful and I guess that's where I am
> confused. The Sharepoint is an intranet so does this help in any way.

Yes, it's an intranet.

>>> 3. This web app will only be used by our staff and will have no
>>> external customers. Some will be remote.
>>>
>>> I have had little experience setting up a webserver from scratch.
>>>
>>> 1. Do I need an external domain name to have this available to
>>> external staff?
>>
>> No, but don't you have a registered domain name already? You could
>> use http://<publicIPaddress> if you wanted, but I don't like having
>> to remember IP addresses.
>
> Me either and the staff would never be able to handle it.
>
>>> 2. Do I need an External IP and where would I get this? My ISP?
>>
>> Yes - you must have one already, or you would have no internet
>> access. Ideally, if you're putting a webserver in, you should have
>> more than one public IP, so you can set up a DMZ (demilitarized
>> zone) and put your webserver in there. You can allow LAN-->DMZ, and
>> WAN-->DMZ traffic, without letting WAN-->LAN on the often-exploited
>> port 80 used for HTTP.
>
> I meant to ask if I need a second one. How can I get the IP associated
> with a name via DNS (external)?

Whoever hosts your public DNS does this.....unless you have access to it in a control panel. You'd set up whatever.mydomain.com to point at the public IP in question.

>> If you're allowing HTTP traffic into your network, it should not be
>> allowed to touch your LAN, for reasons of security. It's quite bad
>> enough to let in HTTPS for OWA, but you really have no choice there.
>>
>>> 3. What other type of setup is needed?
>>
>> If you're going to properly isolate this in a DMZ, check out
>> http://en.wikipedia.org/wiki/Demilitarized_zone_(computing) for a
>> guide/info.
>>
>>> I have purchased a Blade server with Windows server 2003 and SQL for
>>> the app to reside on.
>>>
>>> Your assistance is greatly appreciated as I must get this
>>> application up and running pretty quickly.
>>
>> For specifics about IIS, post in an IIS group. My advice above is
>> general server networking/security stuff - HTH..
>
> Thanks