Announcement

Collapse
No announcement yet.

Stand-alone server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Stand-alone server

    Hi

    Please could sombody tell me what the term "standalone sever" stands for?

    I have to deploy a standalone iis+sql server, does that mean I can't make it a member server of the domain for authenticating users with their AD credentials?? (application only being used by internal users)

    If so, does that mean the server has to be placed in the DMZ? how do i then authenticate the users??

  • #2
    Re: Stand-alone server

    Stand-alone server usually means a server not part of any domain.
    Regarding your other questions, I cannot give you an answer without more info...
    - what does this server does?
    - where are users connecting to it? From inside the network (LAN), or from the outside, or both?
    Please describe what do you need, we cannot guess...
    Last edited by sorinso; 31st August 2008, 12:32. Reason: typos ...

    Sorin Solomon


    In order to succeed, your desire for success should be greater than your fear of failure.
    -

    Comment


    • #3
      Re: Stand-alone server

      the server is a standard iis web application server with a backend sql database (both on same server).

      all the users of the application are internal users conecting from the internal LAN.

      My confusion arises as i have read many different explainations as to what a stand-alone server is.

      So if we go by what you say and the server cannot be part of the domain, does that mean for authenticating the users I will have to create local users on the server?

      also where would you place the server.... DMZ or on internal LAN?

      Comment


      • #4
        Re: Stand-alone server

        Maybe they mean a Member Server in this case.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment


        • #5
          Re: Stand-alone server

          Originally posted by sameeha01 View Post
          So if we go by what you say and the server cannot be part of the domain, does that mean for authenticating the users I will have to create local users on the server?
          Are your users authenticating against the Web application? If so, does the authentication is taken from their AD credentials, or are they logging in with some web form? Even so, web applications tend to use the IIS_Guest user to communicate with the resources on the server ... Is your application like this?

          Originally posted by sameeha01 View Post
          also where would you place the server.... DMZ or on internal LAN?
          If all your users are from the LAN, why would you want to put the server into the DMZ? It makes no sense...

          I still feel I'm walking in darkness here... I think you should further elaborate what are you trying to achieve... And more about the web application (how it works?).
          Leave the "stand-alone" word at the moment... It is no more than a word, who knows if the person who said that knows the meaning of it ...

          Sorin Solomon


          In order to succeed, your desire for success should be greater than your fear of failure.
          -

          Comment


          • #6
            Re: Stand-alone server

            i have very little idea of how the web app is configured.

            I have been asked how i would deploy this server. Its a scenario for which i have been told to come up with a deployment strategy. All i have been told is that its a stand alone iis 6.0 and Sql 2005 server running on win2k3r2 standard.

            I have an ip address and an AD infrustructure available. whether i need to use the AD infrustructure is still up for debate...maybe i don't have to?

            I am taking the assumption here that all the users are going to be internal users.

            If this the case what is the easiest way of deploying this server.

            sorry if this is still vague but that all the info i have been given.

            Comment


            • #7
              Re: Stand-alone server

              Wow, dude ....
              We could fill a book with "if-then-else" scenarios here... With the info you have so far, the options are infinite...
              I'll try to make this simple, dealing with few of the major questions:
              - if the users are from inside the LAN only, then no problem. If you have outside users too, then the firewall kicks in. Do you have any firewall? Do you have any DMZ? You will need to allow access to port 80 and/or 443 (http and/or https, depending on how your application works).
              - if your application uses one of the default IIS users, then no AD connection needed. In this case, the server can be stand-alone (not part of the domain) or member server (part of the domain, it has its advantages). If the configuration is set for Windows authentication, then the server should be part of the domain.
              Anyhow, the server should be updated to the day, hardened according to its role and monitored...
              Forgot anything?

              Sorin Solomon


              In order to succeed, your desire for success should be greater than your fear of failure.
              -

              Comment


              • #8
                Re: Stand-alone server

                tell me about it dude... my head hurts!!

                so... final solution...

                internal users, make it standalone(not part of domain)... authenticate users by way of a local user database....???

                that sound ok??

                Comment


                • #9
                  Re: Stand-alone server

                  In a very problematic and simplistic way, yes, you may say so...
                  But still, there are so many pieces of the puzzle missing ...

                  Sorin Solomon


                  In order to succeed, your desire for success should be greater than your fear of failure.
                  -

                  Comment


                  • #10
                    Re: Stand-alone server

                    See, until they told me otherwise, I would say Member Server, authentication via AD, inside the LAN. (it's more secure this way). They have to give you a LOT more information about the application and the planned user base before these questions can be given definitive answers.


                    Tom
                    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                    Anything you say will be misquoted and used against you

                    Comment


                    • #11
                      Re: Stand-alone server

                      Right... I have decided to plan for three scenarios:

                      Scenario1: All users are internal. - Make server member of domain, use AD to authenticate, disable IUSR_computername account. Configure IIS and sql to use integrated Windows authentication mode

                      Scenario2: All users are internal but insist on server being Stand-Alone: Authenticate users by way of local user database. disable IUSR_computername account.

                      Scenario3: Both external and Internal users: Place server in DMZ, open port 389 on firewall to allow LDAP to authenticate internal users to AD. do not disable IUSR_computername account.
                      Not sure which mode to configure IIS and SQL, any help here appreciated!!

                      have i covered all the bases, can you think of anything i may have missed off?

                      Comment


                      • #12
                        Re: Stand-alone server

                        Originally posted by sameeha01 View Post
                        Scenario3: Both external and Internal users: Place server in DMZ, open port 389 on firewall to allow LDAP to authenticate internal users to AD. do not disable IUSR_computername account.
                        I doubt if the ldap port is sufficient for authentication purposes.
                        Also how do you want to configure this?
                        Last edited by Dumber; 1st September 2008, 19:15.
                        Marcel
                        Technical Consultant
                        Netherlands
                        http://www.phetios.com
                        http://blog.nessus.nl

                        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                        "No matter how secure, there is always the human factor."

                        "Enjoy life today, tomorrow may never come."
                        "If you're going through hell, keep going. ~Winston Churchill"

                        Comment


                        • #13
                          Re: Stand-alone server

                          i am open to sugestion with regards configuration.

                          what would you suggest for scenario 3?

                          bearing in mind both the IIS and sql are residing on the same server?

                          Comment


                          • #14
                            Re: Stand-alone server

                            Well don't place a member server in the domain?
                            To authenticate against the domain the server should be member of the domain.
                            Other option, but I'm a bit unsure if this is possible with IIS (don't have it here right now) is Radius authentication.
                            Forward all authentication requests to the internal domain to a Radius server which is a member of the domain.
                            Marcel
                            Technical Consultant
                            Netherlands
                            http://www.phetios.com
                            http://blog.nessus.nl

                            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                            "No matter how secure, there is always the human factor."

                            "Enjoy life today, tomorrow may never come."
                            "If you're going through hell, keep going. ~Winston Churchill"

                            Comment

                            Working...
                            X