so it sounds like you have the system already built you just need to deploy it.
in that case most of your concerns revolve around infrastructure, not programming.
5. Their own website, no. they have to login to our server.
What we need to do is to assign a static public IP address to NAT it to the internal IP address of the testserver and open up port 80 traffic in the firewall to that IP address.
the little I know about infrastructure I would:
1. dedicate a box as the webserver in a DMZ (between firewall and router?).
2. dedicate a box to sql server as a read-only copy of the data located behind the firewall and router(s).
3. ensure that these boxes can only talk to each other.
4. replicate the necessary data from your production server to the reporting database server at regular intervals. this is DBA administrative stuff. log shipping, replication, etc.
5. lock down the IIS on the webserver and use SSL to encrypt increase the security of the site.
I would also ask for advice in forum183 to assist with locking down the database server. I'm sure there are some windows server forums around TT as well that can provide insight into configuring the web/db servers.
you mentioned pointing the webserver to the test database? why would you give customers access to the testing data, or house the production database on the same server as the testing database?
Jason Meckley
Programmer
Specialty Bakers, Inc.
faq855-7190
faq732-7259