We are in the process of converting a very old FoxPro system over to a MS SQL / VB system at the company I work at. We are already utilizing the SQL database to a good extent internally. It currently resides behind our firewall on our LAN and can only be accessed as such for internal usage. Part of our conversion process will bring some web applications online, however. This is where our dilemma enters in and we are trying to analyze the best solution to connect both our inside LAN users and web customers to the same database.
Currently our IIS 6.0 web server resides on a DMZ. We have a few more DMZs at our disposal. What would be the best way to let the web server access the database for the web applications? We have brewed up a couple of ideas, and would love to hear more / get input on what the best solution is. One idea is to have a replicated database out on another DMZ that the web server can access. This database would strictly be used for serving web applications and would be updated from our production database. The problem with this is we really don?t have the hardware resources or programming resources / time to make this happen (the latter per our programmers and the difficulty they say that will entail such a setup with replication). Another idea was to put our production database out on a DMZ for both our internal traffic and the web server to talk to. The big question here is?how secure can we make the database? I suppose there is also the option of just having the web server talk to the database server while it is inside our private LAN, but again?how secure can we make it?
I?m uncertain what all there is to consider, or what all there is for options. I would love to hear what options we have to look at that best weigh security AND making it not so difficult. Any help from here or pointing me to some good resources to research / study-up on this matter would help tremendously.
Thanks for any assistance!
E Spigle
