Results 1 to 5 of 5

Thread: databse in DMZ

  1. #1
    Join Date
    May 2002
    Posts
    47

    Unanswered: databse in DMZ

    We provide datawarehousing reports.
    Our datbases are currenlty in the DMZ.

    Why? Wouldn't just the webserver be in the DMZ and the db's reside on the private network?

  2. #2
    Join Date
    Oct 2002
    Posts
    369

    Question Re: databse in DMZ

    RE:
    Q1 Our datbases are currenlty in the DMZ. Why?
    Q2 Wouldn't just the webserver be in the DMZ and the db's reside on the private network?
    A1 That is a good question for your DB developers, IT / business management, etc.,.

    A2 Configured well, that may be a somewhat more secure arrangement than having all (???) corporate DBs in a DMZ . Some corporations may have reasons to isolate (low risk DBs) in a DMZ. For example, if 'main' internal DBs are completly isolated from any intenet connectivity for security or policy reasons, there may be periodic small loads to the DMZ DBs of a working dataset, (while the core of the historical data is physically secured from any potential internet exposure). Or it may have just been for developer convenience.

  3. #3
    Join Date
    Feb 2002
    Posts
    2,232
    What is very curious is that datawarehouse data is usually highly confidential.

    Normally, database servers are restricted from being accessed directly from the Internet due to security/confidential/hacking issues. Also, make sure that the ports that are open are ones absolutely necessary. The database server should only be accessible from the application/web server.

    If the database server has to be available in the DMZ then replicate/copy the information from the master database, which is on the intranet behind firewall 2, to the DMZ database - this way if any damage does happen to the DMZ database server your master is still protected.

  4. #4
    Join Date
    May 2002
    Posts
    47

    backup master

    When you say "master" db you mean the systme db, right? How do I use the master db to recover from a user db failure. I remember that when I was studying for my exams but I have never had to use that.

    -K

  5. #5
    Join Date
    Feb 2002
    Posts
    2,232
    No - The master is the sql server instance running on the intranet (not the dmz).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •