Example: Securing NLB Solutions
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
An organization has e-commerce Web applications that are accessed by Internet users. The design includes Network Load Balancing to eliminate any application outages and improve performance. The e-commerce Web applications, running on IIS 6.0 and Windows Server 2003, reside in the organization’s perimeter network, which is located between the Internet and the organization’s private network.
Figure 8.12 illustrates the e-commerce Web farm network design after the placement of the following components:
- Network infrastructure, including firewalls, routers, switches, and network segments
- IIS 6.0 servers into the perimeter network
- Active Directory® directory service domain controllers
- A computer running Windows Server 2003 and SQL Server 2000 on a server cluster
- A computer running Windows Server 2003 and file services on a server cluster
Figure 8.12 IIS 6.0 E-Commerce Web Farm Solution
Table 8.20 lists the design decisions that were made to protect the applications and resources on the cluster and the reasons for making those decisions.
Table 8.20 Cluster Security Design Decisions
Decision | Reason for the Decision |
---|---|
IIS 6.0 servers are placed behind Firewall-01 and Firewall-02. | Prevents unwanted client traffic by filtering unnecessary client traffic. |
Isolated network for communication is placed between the cluster and other servers in the organization. | Prevents users outside the organization from viewing communications between the cluster and other servers in the organization. |
Remote management is disabled. | Prevents unauthorized users from managing the cluster. |