molotov
June 27th, 2003, 14:35
OK,
here's what we got:

INTERNET
|
External Webserver
x
DB SERVER -x- Backup server
x
Internal Webserver
|
INTRANET

pipes ("|") are direct connections, "x"'s are crossovers
basically a webserver connected by a crossover to a db server which is connected by another crossover to a backup server and another crossover to an internal webserver.
Plan ATM:
Both Webservers: Slackware linux, apache 2 worker (threaded)
DB server: FreeBSD 4.8/MySQL 4
Backup server: Obsd, rsync via ssh
external webserver runs postfix, either imapd/pop3d
internal webserver does samba.

what's feedback on the grand master plan?
NOTE: I am not responsible for firewalling or IDS

frisco
June 27th, 2003, 14:55
What are you trying to achieve with all the crossovers? It seems it would be better to use a firewall to separate DMZs, internal and external. From your diagram, it seems that if the db server or either webserver goes down, then the internal loses net access. That's 3 separate single points of failure. With a firewall separating the zones, you reduce this to 1 single point of failure which can be alleviated with redundant firewalls. Is there some functional reason that the machines have to be connected like your diagram shows?

What is the purpose of the backup server? Is it to back up just the database or is it to back up all the machines? If it's a backup just for the db then make it the same OS as the db so you can keep similar configurations on the backup server. That way if the db goes down it will be much easier to replace the db server with the backup server.

molotov
July 6th, 2003, 19:51
the reason to use crossovers instead of configuring switches is my boss is a dumbass, and I don't want to be dependent on any of his machines. also, these servers do not control access to the outside world for the intranet, so if all of them go down, internet access is still granted to the rest of the machines.

oh, and the backup machine backs up everything :)