Hardware Thread, Servers in Technical
  1. #16

    FN-GM
    I would get a separate webserver. We have our own private network (vlan) for our webserver. Our main network is not exposed to the world. Our exchange is obviously but only for incoming mail though.

    Just a suggestion

    ittech's idea for the DC's is pretty good
    Last edited by FN-GM; 6th February 2008 at 10:41 PM. Reason: typo

  2. #17

    Edu-IT
    Quote Originally Posted by FN-Greatermanchester View Post
    I know where you are coming from but surely you would want us to share our experiences with the service on warranty work?
    Nothing will come of this plan so the service provided by companies doesn't matter to me.

    Quote Originally Posted by powdarrmonkey View Post
    If you're going to expose it to the world, then yes, but you need to consider how you'll authenticate exchange users.
    That throws another spanner in the works. I don't understand DMZs.
    Last edited by Edu-IT; 6th February 2008 at 11:13 PM.

  3. #18

    FN-GM
    So you're not getting the servers then?

  4. #19

    FN-GM
    Oh right, it's a project. I get you now! Sorry, I didn't read it properly, a blonde moment.

  5. #20

    Edu-IT
    Quote Originally Posted by FN-Greatermanchester View Post
    Oh right, it's a project. I get you now! Sorry, I didn't read it properly, a blonde moment.
    Not a problem. In the real world what you have said is valid but for this there is no need for me to discuss warranties.

    I've already written about the different servers so really I would like to get my head around DMZs rather than using a VLAN. When a DMZ is used is there anything additional that I need to show in a network diagram or is the DMZ simply configured through the server? I'm clueless.

    Internet | Firewall | Web Server/Exchange Server | Firewall | Servers

    The part in red would obviously be the DMZ. What exactly do I require to create the DMZ and also as mentioned above how do I authenticate the exchange users if there is a DMZ?
    Last edited by Edu-IT; 6th February 2008 at 11:29 PM.

  6. #21

    localzuk
    Well, the way a DMZ usually works is that a physically segmented network (or a virtually segmented one with ACLs in place) is used to host the externally facing services. The internal network is allowed to communicate with those services via the router/firewall but the server is not allowed to communicate with internal hosts directly.

    The way I'd probably do it is to have 3 network cards in the smoothwall box, 1 for the LAN, 1 for the router and 1 for the DMZ. Then plug the router directly into the smoothwall box and the other 2 either into the same switch but on different VLANs or into 2 different switches that can't directly talk to each other.

    But there are, of course, other ways of doing it.

  7. #22

    Edu-IT
    I'm well and truly confused. I take it that I would then configure the VLANs through the SmoothWall or have I completely missed the point?

    I've gone for the SmoothGuard 1000-UTM box which has "7 Gigabit Ethernet interfaces configurable as any combination of external, DMZ or local networks".
    http://www.smoothwall.co.uk/products/smoothguard1000/

  8. #23

    localzuk
    If you were to go with the VLAN option, you would plug the cables into the switch from the smoothwall box, and set up the VLANs on the switch - assigning each port that connects in to a different VLAN. You would allow inter-VLAN routing between any VLANs on the internal network but not between the DMZ and the internal network. The smoothwall box would be used as the router for that, and then firewall rules would be used to allow traffic through or not.

    On the smoothwall box (I've not used smoothwall in a while so this may be a little different) you would then assign the connected interfaces to their functions - internal (green), external (red) and DMZ (orange).

  9. #24

    Edu-IT
    If you were to go with the VLAN option, you would plug the cables into the switch from the smoothwall box, and set up the VLANs on the switch
    In the server room there will be a fiber feed which connects to a switch. I've been told that this could cause a bottleneck, any suggestions as to what else to do? The seven servers then connect to this switch. Are you saying that I should connect the cables to the switch on the SmoothWall box and not the other switch I've put in place? Or could I configure the different VLANs on the switch I already have and simply connect the SmoothWall box to this switch?

    The only servers connecting to the outside world will be the Web Server/Exchange server so does this class as external or DMZ? I would think DMZ.

    Sorry if this seems simple.
    Last edited by Edu-IT; 7th February 2008 at 10:48 AM.

  10. #25

    localzuk
    Quote Originally Posted by Edu-IT View Post
    In the server room there will be a fiber feed which connects to a switch. I've been told that this could cause a bottleneck, any suggestions as to what else to do? The seven servers then connect to this switch. Are you saying that I should connect the cables to the switch on the SmoothWall box and not the other switch I've put in place? Or could I configure the different VLANs on the switch I already have and simply connect the SmoothWall box to this switch?

    The only servers connecting to the outside world will be the Web Server/Exchange server so does this class as external or DMZ? I would think DMZ.

    Sorry if this seems simple.
    Easiest way of saying it is with a diagram. The slide1.jpg file is using VLANs and slide2.jpg is physical separation.

    For the first, the switch would have 3 VLANs set up with the smoothwall box plugged in to 3 ports - each on a different vlan. The router would be on another port in 1 vlan, and the DMZ'd servers (website and exchange) would be on another 2 only in that VLAN. Then the smoothwall box would have the appropriate rules set up to allow access to the internet and dmz from internal, and access to the DMZ from external.

    In the second, the switch is dedicated to the internal LAN, the router is plugged directly into the smoothwall box, as are the 2 DMZ'd servers, and 1 port plugs in to the switch. Then appropriate rules are set up as in the first.

  11. #26

    Edu-IT
    Thanks for that. Starting to make sense now. I take it the rules that I configure will allow exchange to authenticate users?

  12. #27

    localzuk
    Quote Originally Posted by Edu-IT View Post
    Thanks for that. Starting to make sense now. I take it the rules that I configure will allow exchange to authenticate users?
    You should be able to make use of exchange seamlessly

  13. #28

    Edu-IT
    What about users accessing the exchange server externally? By the way, what did you use to create those network diagrams?
    Last edited by Edu-IT; 7th February 2008 at 01:32 PM.

  14. #29

    localzuk
    Quote Originally Posted by Edu-IT View Post
    What about users accessing the exchange server externally? By the way, what did you use to create those network diagrams?
    This would be set to be allowed on your smoothwall box, and then forwarding rules set up on your router.

  16. #30

    Edu-IT
    If I've understood correctly then this is how it will be. What did you use to create the network diagrams?

    Another thought I've just had, if I don't allow the DMZ and the internal VLAN to communicate then does that mean access to the exchange server/web server can only be done over the internet or would the firewall rules allow the communication?
    Last edited by Edu-IT; 7th February 2008 at 02:20 PM.
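
Added example (not part of any post in this thread, and not Smoothwall's own rule syntax): a small Python model of the three-zone policy localzuk describes in #25, which also covers the question in #30. With default deny, internal hosts still reach the DMZ servers through the firewall rules, while connections opened from the DMZ towards the internal network stay blocked. The port numbers and the LDAP pinhole used to exercise the audit are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Zones, named after the Smoothwall colours mentioned in the thread.
GREEN, RED, ORANGE = "internal", "external", "dmz"

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: Optional[int]  # None means any port
    action: str = "allow"

# Constructed policy (ports are assumptions: SMTP, HTTP, HTTPS).
# Rules describe who may OPEN a connection; replies are assumed to be
# handled by the firewall's connection tracking.
POLICY = [
    Rule(GREEN, RED, None),     # internal -> internet
    Rule(GREEN, ORANGE, None),  # internal -> DMZ servers
    Rule(RED, ORANGE, 25),      # internet -> mail server
    Rule(RED, ORANGE, 80),      # internet -> web server
    Rule(RED, ORANGE, 443),
]

def decide(src, dst, port, policy=POLICY):
    """First matching rule wins; anything unmatched is denied."""
    for r in policy:
        if (r.src, r.dst) == (src, dst) and r.port in (None, port):
            return r.action
    return "deny"

def audit(policy):
    """List allow rules that let a less trusted zone open connections to internal."""
    findings = []
    for r in policy:
        if r.action == "allow" and r.dst == GREEN and r.src in (RED, ORANGE):
            scope = "any port" if r.port is None else f"port {r.port}"
            findings.append(f"{r.src}->{r.dst} {scope}")
    return findings

if __name__ == "__main__":
    print(decide(GREEN, ORANGE, 443))   # staff reach the DMZ via the firewall
    print(decide(ORANGE, GREEN, 389))   # DMZ server cannot reach internal hosts
    # Hypothetical pinhole for directory lookups from the DMZ (LDAP, 389):
    print(audit(POLICY + [Rule(ORANGE, GREEN, 389)]))
```

Any rule the audit lists is a path from an exposed server into the internal network, so each one needs a named destination host and a reason.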
