We have an application that stores files on a file server in our LAN. Now, they want a web application to make the files available on our public web server (in the DMZ). What's the best method for accessing those files from the web application?
The options I've considered are:
FTP from the DMZ to the LAN server. (cheapest and easiest)
A second file server in the DMZ and the files are pushed to it from the LAN. (Better performance and security, but also more money)
Configure a reverse proxy in the DMZ which will talk to the web servers (web application) in the backend internal network. This should solve your problem as the real web application will be separated from the external world. Use firewalls, SSL, client authentication for better security.
Just avoid Demilitarized Zones (DMZ) altogether! They're the "bluetooth" of networks.
I have developed an enterprise web app for my company that needs to run on a private network. I have assigned the in-house server a static IP so as to make the path to the system constant for the users. The problem is that the web application makes calls to the Twilio SMS gateway to send SMS to clients via the system, but with our current setup it's impossible since the server is denied internet access. So how do I expose this server to the internet?
What I have seen quite often in corporate environments is the use of an HTTP proxy to let internal systems call other systems on the internet. Maybe there is an HTTP proxy available in your corporate environment that you can use. This would be the easiest way of doing this without having to change the infrastructure.
I am confused about 3 servers, so can you guys help me? A web hosting service is a type of Internet hosting service that allows individuals and organizations to make their website accessible via the World Wide Web, is that right?
Web hosting allows you to store the files of your website online.
A domain allows users to request those files and view them in their browsers.
Getting a complete website package should include both of them.
A VPN is a virtual private server. Also used for websites, but in this case you need to configure your web hosting and domain all by yourself (not recommended).
A dedicated server is used to host gamerooms etc.
Is it possible to use Web Deploy (wmsvc) across domains? That is, can I deploy from my dev box/build server in one domain onto a web server in another? I am able to do this inside the same domain so I know that I do have the web deployment service configured properly. However from another domain I can't even get the https://severname.domain.com:8172/msdeploy.axd to challenge for credentials.
The short answer is yes.
WMSVC exposes itself on port 8172, but it uses the https protocol. So long as you have a direct way to get from one network to the other, over that port, it will work.
We run all of our webservers on a DMZ, which is an isolated network with separate DNS, active directory servers, etc. I can directly deploy from my build server (on the *.hq network) to the *.dmz.com server over port 8172.
However, I did have to communicate this requirement to the networking group so that they could allow port 8172 to pass through our firewall. Also, I wasn't able to set up web deploy with automatic Windows Auth because the two networks had different domains and different sets of users.
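A quick way to tell a firewall block from a service or certificate problem before asking the networking group for a rule change. This is an added example, not part of the original answer; the function name and result labels are made up for illustration, and only port 8172 comes from the text.

```python
import socket
import ssl
import sys

WMSVC_PORT = 8172  # port named in the answer above


def probe_wmsvc(host, port=WMSVC_PORT, timeout=3.0):
    """Classify how far a connection to a Web Deploy endpoint gets.

    "unresolved"    name does not resolve from this network's DNS
    "filtered"      no reply or no route (typical of a firewall drop)
    "refused"       host answered, nothing is listening on the port
    "tcp-only"      port is open but the TLS handshake did not complete
    "tls-untrusted" TLS works, but this machine does not trust the certificate
    "tls-ok"        TLS completed; the service can now challenge for credentials
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeouts and unreachable-network errors
        return "filtered"

    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls-ok"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"
    except OSError:  # ssl.SSLError and handshake timeouts are OSError subclasses
        return "tcp-only"
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python probe.py <hostname>   (script name is hypothetical)
    print(probe_wmsvc(sys.argv[1]))
```

A "filtered" result from the build server points at the firewall between the two networks; "tls-untrusted" is common across domains, where the deploying machine does not trust the certificate authority used on the other side.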
I am trying to lock down a virtual machine that acts as an app server for a web application. I have two VMs: one for the app server and another one running the web server. I have to open a ton of ports to allow the web server to talk to some WCF services, but I only want to allow those connections from the web server and no one outside of that network. I have to add endpoints in order for the web server to access the WCF services, but this also makes them accessible to the public IP. How can I only allow this traffic on the
For Virtual Machines, the only way of accessing ports from outside the hosted service is by defining input endpoints (with or without load-balancing across a set of machines). In your case, you'd just open, say, 80 and 443, specifically for your web server (e.g. not load-balanced). This is considered a port-forwarded endpoint since traffic on these two ports gets forwarded directly to your web server. For more clarity around port-forwarded endpoints, I suggest Michael Washam's blog post, here.
At this point, you'd open various other ports on your app server (through its firewall config), and now your web server can talk to the app server, yet the outside world won't be able to reach the app server. Note: I'm assuming you placed your web server and app server in the same hosted service. Otherwise, you'd need to find a different way to connect between web and app servers, such as configuring a Virtual Network.
EDIT 6/5/2013 You can now enable ACLs on input endpoints, allowing (or blocking) IP ranges. Today ACLs may only be managed through PowerShell, with the June 2013 update. See this post to learn more.
Machines that exist on the same virtual network will be able to talk to each other as long as the local firewall has been opened to those ports. This problem was with my configuration in my application and not because of this. I also didn't have the correct ports open. Now it works like a charm.
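When an endpoint does have to stay public, an allow/block list of IP ranges like the ACLs mentioned in the edit above can be checked against the intent before it is applied. The following is an added example, not code from the thread: the rule format, the addresses (documentation ranges) and the evaluation model (lowest order number first, first match decides, no match means deny) are assumptions made for illustration.

```python
import ipaddress

# Constructed rules for the app server's endpoint: (order, action, remote subnet).
GOOD_ACL = [
    (100, "permit", "203.0.113.10/32"),  # web server's address (hypothetical)
    (200, "deny", "0.0.0.0/0"),
]
# Same rules with the order numbers swapped: the deny-all now matches first.
BAD_ACL = [
    (100, "deny", "0.0.0.0/0"),
    (200, "permit", "203.0.113.10/32"),
]


def evaluate(acl, source_ip):
    """First matching rule in ascending order decides; no match means deny
    (assumed model for this example)."""
    addr = ipaddress.ip_address(source_ip)
    for _order, action, subnet in sorted(acl):
        if addr in ipaddress.ip_network(subnet):
            return action
    return "deny"


def shadowed_rules(acl):
    """Rules that can never fire because an earlier rule covers their subnet."""
    dead, seen = [], []
    for order, action, subnet in sorted(acl):
        net = ipaddress.ip_network(subnet)
        if any(net.subnet_of(earlier) for earlier in seen):
            dead.append((order, action, subnet))
        seen.append(net)
    return dead


def audit(acl, must_permit, must_deny):
    """Compare the ACL with the intent; an empty list means it matches."""
    findings = [f"rule {o} ({a} {s}) is shadowed" for o, a, s in shadowed_rules(acl)]
    findings += [f"{ip} should be permitted" for ip in must_permit
                 if evaluate(acl, ip) != "permit"]
    findings += [f"{ip} should be denied" for ip in must_deny
                 if evaluate(acl, ip) != "deny"]
    return findings
```

Running `audit` with the web server's address in `must_permit` and an arbitrary outside address in `must_deny` catches the ordering mistake in `BAD_ACL` before the web tier loses access to the WCF ports.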
I am developing a web app that is not doing anything fancy. The parent company wants to use a cloud based IIS service to support the web app and then submit the information to the client's local SQL servers through the internet and the client's firewalls.
Traffic isn't that much of an issue, we are talking about probably no more than 10 submissions daily per client. My question is with regard to connecting to the client's SQL servers and running the Stored Proc on each server.
We already have admin privileges on the firewalls and servers to do what we need to do to make anything happen.
What would be my best/reliable/secure method to implement this service?
Page asks for 10 items of info then submits to Stored Proc, that's it... with a local IIS server there is no problem, works nice. I want to make sure that the information stays secured, not just for the 10 items, but the SQL server and any security between it and the IIS server.
Any recommendations?
I would recommend setting up a VPN tunnel between the remote IIS server and the in-house SQL server. With a VPN tunnel, the SQL server is just like any other server on the network to the app.