Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Placement of Backup / MySQL Server in IPv4 Network

Placement of Backup / MySQL Server in IPv4 Network 5 years 2 weeks ago #37651

  • leeand00
  • leeand00's Avatar
  • Offline
  • New Member
  • Posts: 15
  • Karma: 0
I'm thinking about setting up a network configuration, where the backup server and the MySQL server are on the same machine, and where the webserver is on a separate machine.

It's on an IPv4 network. I plan to have the webserver on the DMZ all the time, but I'd like to be able to access the MySQL / Backup server from the webserver.

Now from what I know about networking, I'm pretty sure you're supposed to have your MySQL and Backup on the LAN, with a firewall rule that allows the webserver to access MySQL and the Backup.

Presently I've got it working in the following way (which I believe works, but isn't necessarily the correct way to accomplish this...) see diagram below:



Now I think the correct way to go about doing this is to keep the backup server / mysql box on the lan and access it through a rule (or is it forwarding) in the firewall. However, the backup tool I'm using requires that the webserver initiate the backup...so how does one (forward?) packets from the dmz to the machines on the lan? And is that even a good idea?

The administrator has disabled public write access.

Re: Placement of Backup / MySQL Server in IPv4 Network 5 years 2 weeks ago #37655

  • Arani
  • Arani's Avatar
  • Offline
  • Moderator
  • Posts: 745
  • Thank you received: 10
  • Karma: 4
Hi,
Moved it to this forum as it's now under a more appropriate category.

Cheers
Picking pebbles on the shore of the networking ocean
The administrator has disabled public write access.
The following user(s) said Thank You: leeand00

Re: Placement of Backup / MySQL Server in IPv4 Network 5 years 2 weeks ago #37656

  • leeand00
  • leeand00's Avatar
  • Offline
  • New Member
  • Posts: 15
  • Karma: 0
Thank you.
The administrator has disabled public write access.

Re: Placement of Backup / MySQL Server in IPv4 Network 5 years 1 week ago #37657

  • leeand00
  • leeand00's Avatar
  • Offline
  • New Member
  • Posts: 15
  • Karma: 0
Is this inconsequential? Well maybe it's just Thanksgiving weekend. :)
The administrator has disabled public write access.

Re: Placement of Backup / MySQL Server in IPv4 Network 5 years 1 week ago #37659

  • leeand00
  • leeand00's Avatar
  • Offline
  • New Member
  • Posts: 15
  • Karma: 0
*bump*
The administrator has disabled public write access.

Re: Placement of Backup / MySQL Server in IPv4 Network 5 years 1 week ago #37662

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
leeand00,

I'll agree with your second diagram. Indeed, it's always a good ideal to place the SQL server in your LAN environment, rather than the DMZ. In such a setup, you simply require the appropriate access lists on each interface of your router, so that it allows the seamless communication between the required hosts, which in your case is your Web Server and SQL server.

You'll need to identify the required ports, so you can fine-tune your router's access lists to allow communication between the two server's only for specific services e.g www, mysql etc.

Another suggestion, if the data held on the Mysql server is not critical/sensitive, is to leave the MySQL server in the DMZ zone (which solves your backup problem) , and have an automated process where the MySQL server copies its backup to another server in your LAN.

Alternatively, if the Mysql server moves to the LAN network, you'll need to find a way to overcome the initiation of your backup process.

Closing, its a good idea to have the backup machine separate from your Mysql server. If the Mysql server gets hacked, you'll end up loosing everything!

Let us know if you require any additional help or have any further questions.

Thanks.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.
The following user(s) said Thank You: leeand00
  • Page:
  • 1
  • 2
Time to create page: 0.081 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup