Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Network / Server use / Network Design Help.

Status
Not open for further replies.

tcpipgeek

IS-IT--Management
Feb 21, 2007
19
US
Hello,
I am looking to get some network engineering advice about how best to use 3 average 2u servers in a windows environment for a small business. I am more focused on security for my CRM database than anything else.

The story:

I am just a small business and l have these servers that are less than a year old and collecting dust.

I want to:
• Create a simple website for my customers use. ( Very little traffic)
• Purchase and manage a web based CRM software. (Uses an Access database)
• Create an FTP server for techs to use and maybe some time in the future allow customer access to download / upload some files.


I understand I do not need to use three servers to accomplish this. However I have them so I want to use them.


My goal is to end up with the servers being used and being exposed to the outside as little as necessary.
I was hoping for some ideas and feedback as to how some of you more experienced network engineers would use or configure these servers to accomplish what I am after.



My ideas so far are:
Server 1: Use to host my small business website that does not get much if any traffic and is simply a site for new customers to learn a bit about my business and provide a button to “Create a new ticket” using my CRM software running on a different server.

Server 2: Install my CRM software on. It’s basically like help desk software that uses a Microsoft Access database. I want to create a “ Click here to open new ticket“ button on server one that when clicked it would launch my web based CRM software and present to the “Clicker” the “Create new ticket” window.

Server 3: Probably use for an FTP server to store files that field techs may need to quickly fix issues.



My thinking was to buy an inexpensive router with a DMZ port and put “Server 1” (website server) on the DMZ.
I was hoping to be able to make “Server 1” the only Server seen by the outside for security sake.

I wanted “Server 2” (CRM customer service software and database server) to be on the inside of the network for security purposes. The only way I want it accessed is through someone clicking the “Create new ticket” button on “Server 1” so that the web based CRM software will present the customer with the “Create new ticket” window.

Server 3 is going to be used simply as an FTP server. I am not sure how best to place it so it is most secure.

Any expert design ideas would be really appreciated.

Thanks!
 
Go virtual! The most bang for your buck and license costs are many times lower (for Windows OS's). Plus you can easily back up the entire virtual machine and move it if you need to. You could have redundancy as well, i.e. load balancing for your websites, clustering for your DB, etc... might be overkill, but think long term.

Check out VMWare vSphere Hypervisor for bare-metal server installs (and it's free) - no I don't work for VMWare ;). I have to say that I haven't used this version of VMWare, so I'm not sure all of the features that it has (or lacks) but from what I've read it looks great (I've used other VMWare products, Virtualbox, etc).


Regards,

J
 
Your wasting Server 3 on an FTP server. Just add that service to the web server and open the FTP and HTTP/HTTPS ports on the Firewall. Keeping it as a stand alone server will also minimize any security and trust mis-configurations as well.

You can setup the FW so that you can only RDP to that server from computers on your own lan.

Internal Network
[Server1] 192.168.1.10
[Client1] 192.168.1.20
[Client2] 192.168.1.30
----------------------------
[Firewall 1] 192.168.1.1 (Internal IP)
[Firewall 1] 99.99.99.99 (External IP)
----------------------------

DMZ Network
[Server2] 10.10.10.10
----------------------------
[Firewall 2] 10.10.10.1 (Internal IP)
[Firewall 2] 99.99.99.100 (External IP)
Fwd FTP, HTTP, HTTPS to Server2
Fwd RDP port (3389) to Server2 only from 99.99.99.99
----------------------------

Q - But how do I control the web server from home?
A - You can setup a VPN tunnel to your LAN with "Use Default Gateway on remote computer" to ping-pong into your lan and back out.

Now you also have a free server.

It sounds like your not going to be running Ebay on these servers. Just a basic web site and FTP so even if these servers are mid-range W2K servers that are 5+ years old they are easily going to handle the web traffic and FTP access. The only thing that will choke them is the amount of traffice your Inet pipe has available.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top