|
-
Nov 22nd, 2003, 06:35 PM
#1
Thread Starter
Hyperactive Member
1 site for both Intranet and Internet
Hey all.. working on a new architecture for an app. The site will have both an Intranet site (larger portion of the app) and an Internet site (smaller, minimal functionaly, but common pages with the intranet app). I am trying to decide on what the best architecture would be for such an app as the intranet site is the main site and the internet app has a subset of the intranet's functionality, therefore, it is possible to just filter out functionality based on the user that is connecting to the application... but that may be a security risk..
Here are the designs I am thinking of:
#1 - 2 different sites, since the public site would need to be hosted from a public web server outside the DMZ, you definately dont want the intranet site on that server outside the DMZ... But this has 2 options:
#1a - develop 2 different sites, placed on different servers
#1b - use the same site for each server, just limit the functionality of the site that is outside the DMZ (the internet app)
#2 - Just hosting the internet and intranet site on the same box, outside the DMZ using 1 app. The security we are looking at would be form-based authentication, certian users could be declared as internal or external.. (Heck, with that, all users may as well hit the site from the Internet, no need for the intranet site since both would be form-based login... they dont want to take advantage of NTLM)
Any ideas?
-MCD
[vbcode]
'*****************************
MsgBox "MCD :: [email protected]", vbInformation + vbOKOnly, "User"
'*****************************
[/vbcode]
-
Nov 22nd, 2003, 11:36 PM
#2
PowerPoster
I think there are many reasons for each way. When you are letting outside people access your site, you open it up pretty wide for hackers and script kiddies. If both internal and external users used the same site, then some DOS attack would stop use of your site for both groups. So for that reason alone, I would seperate it to an internal and external site. Don't want a single point of failure. This also makes it harder to maintain because you have two apps that way. So that becomes an argument against it and making it one site for all, just spending the extra time necessary ahead of time to plan for all different known types of attacks.
Any way you go, this might help:
http://msdn.microsoft.com/library/de...eatCounter.asp
-
Nov 23rd, 2003, 10:20 AM
#3
Thread Starter
Hyperactive Member
Thanks, hellswraith... I had thought about the hacker factor if the site was accessible to both public and internal users... but what i didnt think about were the effects, as you described, that if the public site was brought down for some reason, the internal site would be as well... the clients sole work would be done on the internal site, and we cant have it going down for any reason.. arguable, the internal site should be 5-nines, while the external site could tollerate 3- to 4-nines up time (meaning 99.999% uptime versus 99.9% uptime)
any other thoughts?
For the sake of argument, if i did have 1 site, would IIS handle having 2 sub domains, one for internal, one for external, to the same web application? how does memory and session get handled then, in the same process, or different process?
thanks,
-md
[vbcode]
'*****************************
MsgBox "MCD :: [email protected]", vbInformation + vbOKOnly, "User"
'*****************************
[/vbcode]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote