Firewall Wizards mailing list archives

RE:


From: "Stout, Bill" <StoutB () pios com>
Date: Tue, 16 Jun 1998 20:30:58 -0400

----- Original Message -----

Hello,
      I'm looking for information on the best way to allow our web server to
access an internal database.  We are beginning an Internet commerce
site.  I've heard of several techniques:
1) The web server has wrapper/stub cgi programs that call cgi routines
on a second external box that has permission to cross the firewall
(a.k.a. a cgi reflector)

Why a second box?  That will slow you down significantly.  The server
extensions should run on the webserver, which accesses an internal
application server.  You can either use a third interface on a firewall,
or cascade firewalls and be completely proxied (http/https to internet,
SQL to the inside).

Internet---FW-----Internal
           |
        Webfarm

For high-bandwidth situations (co-located), an alternative is to
front-end the webfarm with a network accelerator/intelligent caching
proxy (caches non-cgi URLs) which only passes http/https traffic, and
connect that to the third interface which proxies or packet-filters SQL
queries.

Internet----+---NA--Webfarm
            |         |
            +--------FW-------Internal

2) Move the web server inside and proxy it out to the Internet.

Bad idea.

3) Export database to external server and allow web server to hit that db.

Eats CPU on webserver, harder to maintain and keep Db current.


I know that many thousands of companies are doing commerce but I've been
unable to find a best practices document or other such info.

They each think their network design is a competitive differentiator.  ;)


Thanks in advance for any comments, info, or pointers to where I can 
find some info.

Oracle, Microsoft, Redbrick, Information Advantage, Netscape, Digital,
IBM, Sun, Compaq, HP all have 'solutions' and will fall all over
themselves for a commerce site sale.  As long as you have money.

Lots of raw data on the Internet.  Beware of taking raw data as fact.  ;)

Bill Stout


Rick



----- End Of Original Message -----
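
The three-interface layout described in the reply above (http/https from the Internet to the webfarm, SQL from the webfarm to the inside), written as an nftables forward policy. This is an added example, not part of the original post; the interface names, all addresses, and the SQL port (1521) are assumptions.

```nftables
# Assumed interfaces on the firewall:
#   eth0 = Internet, eth1 = Internal, eth2 = Webfarm (third interface)
# Assumed addresses: webfarm 192.0.2.0/28, internal application/DB server 10.0.0.10
# Assumed SQL listener port: 1521

table inet webfarm_policy {
    chain forward {
        # Default deny: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that a rule below admitted.
        ct state established,related accept
        ct state invalid drop

        # Internet -> Webfarm: web traffic only.
        iifname "eth0" oifname "eth2" ip daddr 192.0.2.0/28 tcp dport { 80, 443 } ct state new accept

        # Webfarm -> Internal: SQL only, and only to the one internal server.
        iifname "eth2" oifname "eth1" ip saddr 192.0.2.0/28 ip daddr 10.0.0.10 tcp dport 1521 ct state new accept

        # No rule lets eth0 reach eth1, so the Internet never talks to the
        # inside directly. Log what falls through before the default drop.
        log prefix "fw-forward-drop: " drop
    }
}
```

Connections are only ever opened outside-to-webfarm and webfarm-to-inside; the internal server never initiates a connection toward the webfarm, so a compromised web server is limited to the single SQL port on a single host.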


