Hi all,
I hope this is not off topic.
Our application group want to put a DB server in the DMZ for a new web
application. The data will be replicated from the internal DB server every
night. They try to avoid the risks of allow a public accessible box to
connect to the internal database. However put the database server in DMZ
will also create problems it large volume of data need to copy across the
firewall and the effort to keep the data in sync.
We have think about following multi-tiers solutions if the databases are
kept in the internal network instead:
1. Use a reverse proxy server in the DMZ and keep the database server and
application server in internal network.
2. Keep the application server in DMZ and use a database proxy server which
contains no data but map the data in virtual views which exists in the
internal database servers.
I know many of you came across this situation. What is the best practice on
such situation and why?
Ken
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
