Deployment of a CMS Site

Deployment of a CMS Site	=?Utf-8?B?SmF2aWVyIFJ1aXo=?=
Re: Deployment of a CMS Site	Spencer Harbar [MVP]
Re: Deployment of a CMS Site	=?Utf-8?B?SmF2aWVyIFJ1aXo=?=
Re: Deployment of a CMS Site	Spencer Harbar [MVP]
Re: Deployment of a CMS Site	Spencer Harbar [MVP]
Re: Deployment of a CMS Site	=?Utf-8?B?SmF2aWVyIFJ1aXo=?=
Re: Deployment of a CMS Site	=?Utf-8?B?SmF2aWVyIFJ1aXo=?=
Re: Deployment of a CMS Site	Spencer Harbar [MVP]

From: =?Utf-8?B?SmF2aWVyIFJ1aXo=?= Subject: Deployment of a CMS Site Date: Thu, 20 Jan 2005 15:01:01 -0800 -- Hello Everyone How Can I deploy a CMS 2002 without of a DB, i need that the site functions only with IIS because my servers are in a DMZ. From: Spencer Harbar [MVP] Subject: Re: Deployment of a CMS Site Date: Fri, 21 Jan 2005 10:27:44 -0000 You don't need to have SQL on the same box, you could connect to a remote sql machine hosting the CMS database which is not located on the DMZ and just have IIS and the Content Server components on the Web box. hth Spence www.mcmsfaq.com "Javier Ruiz" wrote in message news:7989C76E-A6AE-44FF-B927-6A4A38D8A0DE@microsoft.com... > > -- > Hello Everyone > > How Can I deploy a CMS 2002 without of a DB, i need that the site > functions > only with IIS because my servers are in a DMZ. From: =?Utf-8?B?SmF2aWVyIFJ1aXo=?= Subject: Re: Deployment of a CMS Site Date: Fri, 21 Jan 2005 06:21:04 -0800 Ok, thanks. But my scurity department don´t allow me this configuration because this is a "security risk" this is the reason that i am not able to do this configuration. And I need that my site works only with IIS. "Spencer Harbar [MVP]" wrote: > You don't need to have SQL on the same box, you could connect to a remote > sql machine hosting the CMS database which is not located on the DMZ and > just have IIS and the Content Server components on the Web box. > > hth > Spence > www.mcmsfaq.com > > > "Javier Ruiz" wrote in message > news:7989C76E-A6AE-44FF-B927-6A4A38D8A0DE@microsoft.com... > > > > -- > > Hello Everyone > > > > How Can I deploy a CMS 2002 without of a DB, i need that the site > > functions > > only with IIS because my servers are in a DMZ. > > > From: Spencer Harbar [MVP] Subject: Re: Deployment of a CMS Site Date: Fri, 21 Jan 2005 14:33:38 -0000 OK, well - the security "risk" of allowing SQL traffic inter-zone can be mitigated easily, but it sounds like a battle not worth fighting :) MCMS is all about the dynamic compliation of content (from the DB) with templates (from the IIS box) - this architecture means you need one of the two configurations your security "policy" doesn't allow. One alternative is to place the DB on another box in the DMZ, - just because it's on that network doesn't mean it has to be exposed to the Internet. You could 'stage' a static version of the MCMS site to a 'vanilla' IIS box in the DMZ by using a commercial staging tool or Stefan's stager (http://www.gotdotnet.com/Community/UserSamples/Download.aspx?SampleGuid=153B8D20-EE51-4105-AAEF-519A7B841FCC), but you are loosing pretty much all of the benefits of a content management system, and would need to perform this staging excercise anytime the content is modified. hth Spence www.mcmsfaq.com "Javier Ruiz" wrote in message news:50AA7C68-DDBF-4A40-A920-E61D077EC456@microsoft.com... > Ok, thanks. > > But my scurity department don´t allow me this configuration because this > is > a "security risk" this is the reason that i am not able to do this > configuration. > > And I need that my site works only with IIS. > > "Spencer Harbar [MVP]" wrote: > >> You don't need to have SQL on the same box, you could connect to a remote >> sql machine hosting the CMS database which is not located on the DMZ and >> just have IIS and the Content Server components on the Web box. >> >> hth >> Spence >> www.mcmsfaq.com >> >> >> "Javier Ruiz" wrote in message >> news:7989C76E-A6AE-44FF-B927-6A4A38D8A0DE@microsoft.com... >> > >> > -- >> > Hello Everyone >> > >> > How Can I deploy a CMS 2002 without of a DB, i need that the site >> > functions >> > only with IIS because my servers are in a DMZ. >> >> >> From: Spencer Harbar [MVP] Subject: Re: Deployment of a CMS Site Date: Fri, 21 Jan 2005 15:20:51 -0000 a much better solution here is to host the MCMS box on your Internal network, and use an ISA Server on your DMZ to 'web publish' (microsoft terminology) or reverse proxy (traditional terminology) the application to the Internet. hth s. "Spencer Harbar [MVP]" wrote in message news:OnlAvY8$EHA.2584@TK2MSFTNGP09.phx.gbl... > OK, well - the security "risk" of allowing SQL traffic inter-zone can be > mitigated easily, but it sounds like a battle not worth fighting :) > > MCMS is all about the dynamic compliation of content (from the DB) with > templates (from the IIS box) - this architecture means you need one of the > two configurations your security "policy" doesn't allow. > > One alternative is to place the DB on another box in the DMZ, - just > because it's on that network doesn't mean it has to be exposed to the > Internet. > > You could 'stage' a static version of the MCMS site to a 'vanilla' IIS box > in the DMZ by using a commercial staging tool or Stefan's stager > (http://www.gotdotnet.com/Community/UserSamples/Download.aspx?SampleGuid=153B8D20-EE51-4105-AAEF-519A7B841FCC), > but you are loosing pretty much all of the benefits of a content > management system, and would need to perform this staging excercise > anytime the content is modified. > > hth > Spence > www.mcmsfaq.com > > > > "Javier Ruiz" wrote in message > news:50AA7C68-DDBF-4A40-A920-E61D077EC456@microsoft.com... >> Ok, thanks. >> >> But my scurity department don´t allow me this configuration because this >> is >> a "security risk" this is the reason that i am not able to do this >> configuration. >> >> And I need that my site works only with IIS. >> >> "Spencer Harbar [MVP]" wrote: >> >>> You don't need to have SQL on the same box, you could connect to a >>> remote >>> sql machine hosting the CMS database which is not located on the DMZ and >>> just have IIS and the Content Server components on the Web box. >>> >>> hth >>> Spence >>> www.mcmsfaq.com >>> >>> >>> "Javier Ruiz" wrote in message >>> news:7989C76E-A6AE-44FF-B927-6A4A38D8A0DE@microsoft.com... >>> > >>> > -- >>> > Hello Everyone >>> > >>> > How Can I deploy a CMS 2002 without of a DB, i need that the site >>> > functions >>> > only with IIS because my servers are in a DMZ. >>> >>> >>> > > From: =?Utf-8?B?SmF2aWVyIFJ1aXo=?= Subject: Re: Deployment of a CMS Site Date: Fri, 21 Jan 2005 06:55:05 -0800 Thanks Spencer. "Spencer Harbar [MVP]" wrote: > OK, well - the security "risk" of allowing SQL traffic inter-zone can be > mitigated easily, but it sounds like a battle not worth fighting :) > > MCMS is all about the dynamic compliation of content (from the DB) with > templates (from the IIS box) - this architecture means you need one of the > two configurations your security "policy" doesn't allow. > > One alternative is to place the DB on another box in the DMZ, - just because > it's on that network doesn't mean it has to be exposed to the Internet. > > You could 'stage' a static version of the MCMS site to a 'vanilla' IIS box > in the DMZ by using a commercial staging tool or Stefan's stager > (http://www.gotdotnet.com/Community/UserSamples/Download.aspx?SampleGuid=153B8D20-EE51-4105-AAEF-519A7B841FCC), > but you are loosing pretty much all of the benefits of a content management > system, and would need to perform this staging excercise anytime the content > is modified. > > hth > Spence > www.mcmsfaq.com > > > > "Javier Ruiz" wrote in message > news:50AA7C68-DDBF-4A40-A920-E61D077EC456@microsoft.com... > > Ok, thanks. > > > > But my scurity department don´t allow me this configuration because this > > is > > a "security risk" this is the reason that i am not able to do this > > configuration. > > > > And I need that my site works only with IIS. > > > > "Spencer Harbar [MVP]" wrote: > > > >> You don't need to have SQL on the same box, you could connect to a remote > >> sql machine hosting the CMS database which is not located on the DMZ and > >> just have IIS and the Content Server components on the Web box. > >> > >> hth > >> Spence > >> www.mcmsfaq.com > >> > >> > >> "Javier Ruiz" wrote in message > >> news:7989C76E-A6AE-44FF-B927-6A4A38D8A0DE@microsoft.com... > >> > > >> > -- > >> > Hello Everyone > >> > > >> > How Can I deploy a CMS 2002 without of a DB, i need that the site > >> > functions > >> > only with IIS because my servers are in a DMZ. > >> > >> > >> > > > From: =?Utf-8?B?SmF2aWVyIFJ1aXo=?= Subject: Re: Deployment of a CMS Site Date: Fri, 21 Jan 2005 07:01:04 -0800 Do you have an Article that discribes how can i do this configuration to Mitigate SQL Traffic inter-zone. "Javier Ruiz" wrote: > Thanks Spencer. > > > "Spencer Harbar [MVP]" wrote: > > > OK, well - the security "risk" of allowing SQL traffic inter-zone can be > > mitigated easily, but it sounds like a battle not worth fighting :) > > > > MCMS is all about the dynamic compliation of content (from the DB) with > > templates (from the IIS box) - this architecture means you need one of the > > two configurations your security "policy" doesn't allow. > > > > One alternative is to place the DB on another box in the DMZ, - just because > > it's on that network doesn't mean it has to be exposed to the Internet. > > > > You could 'stage' a static version of the MCMS site to a 'vanilla' IIS box > > in the DMZ by using a commercial staging tool or Stefan's stager > > (http://www.gotdotnet.com/Community/UserSamples/Download.aspx?SampleGuid=153B8D20-EE51-4105-AAEF-519A7B841FCC), > > but you are loosing pretty much all of the benefits of a content management > > system, and would need to perform this staging excercise anytime the content > > is modified. > > > > hth > > Spence > > www.mcmsfaq.com > > > > > > > > "Javier Ruiz" wrote in message > > news:50AA7C68-DDBF-4A40-A920-E61D077EC456@microsoft.com... > > > Ok, thanks. > > > > > > But my scurity department don´t allow me this configuration because this > > > is > > > a "security risk" this is the reason that i am not able to do this > > > configuration. > > > > > > And I need that my site works only with IIS. > > > > > > "Spencer Harbar [MVP]" wrote: > > > > > >> You don't need to have SQL on the same box, you could connect to a remote > > >> sql machine hosting the CMS database which is not located on the DMZ and > > >> just have IIS and the Content Server components on the Web box. > > >> > > >> hth > > >> Spence > > >> www.mcmsfaq.com > > >> > > >> > > >> "Javier Ruiz" wrote in message > > >> news:7989C76E-A6AE-44FF-B927-6A4A38D8A0DE@microsoft.com... > > >> > > > >> > -- > > >> > Hello Everyone > > >> > > > >> > How Can I deploy a CMS 2002 without of a DB, i need that the site > > >> > functions > > >> > only with IIS because my servers are in a DMZ. > > >> > > >> > > >> > > > > > > From: Spencer Harbar [MVP] Subject: Re: Deployment of a CMS Site Date: Fri, 21 Jan 2005 15:19:44 -0000 I don't have an article on it - it's a pretty straightforward configuration - a firewall rule to allow TCP 1433 between the Web and SQL boxes (and only those boxes) you can also mitigate risk by ensuring this connection is encrypted using SSL or IPSec. As TCP1433 is not allowed 'in' via the Internet, there is little (if any) exposure of the SQL box. You can find hardening information (removing nasty system sprocs etc) at www.sqlsecurity.com. hth s. "Javier Ruiz" wrote in message news:CD43A74B-1E76-4C61-A66F-7920FB229F7F@microsoft.com... > Do you have an Article that discribes how can i do this configuration to > Mitigate SQL Traffic inter-zone. > > "Javier Ruiz" wrote: > >> Thanks Spencer. >> >> >> "Spencer Harbar [MVP]" wrote: >> >> > OK, well - the security "risk" of allowing SQL traffic inter-zone can >> > be >> > mitigated easily, but it sounds like a battle not worth fighting :) >> > >> > MCMS is all about the dynamic compliation of content (from the DB) with >> > templates (from the IIS box) - this architecture means you need one of >> > the >> > two configurations your security "policy" doesn't allow. >> > >> > One alternative is to place the DB on another box in the DMZ, - just >> > because >> > it's on that network doesn't mean it has to be exposed to the Internet. >> > >> > You could 'stage' a static version of the MCMS site to a 'vanilla' IIS >> > box >> > in the DMZ by using a commercial staging tool or Stefan's stager >> > (http://www.gotdotnet.com/Community/UserSamples/Download.aspx?SampleGuid=153B8D20-EE51-4105-AAEF-519A7B841FCC), >> > but you are loosing pretty much all of the benefits of a content >> > management >> > system, and would need to perform this staging excercise anytime the >> > content >> > is modified. >> > >> > hth >> > Spence >> > www.mcmsfaq.com >> > >> > >> > >> > "Javier Ruiz" wrote in message >> > news:50AA7C68-DDBF-4A40-A920-E61D077EC456@microsoft.com... >> > > Ok, thanks. >> > > >> > > But my scurity department don´t allow me this configuration because >> > > this >> > > is >> > > a "security risk" this is the reason that i am not able to do this >> > > configuration. >> > > >> > > And I need that my site works only with IIS. >> > > >> > > "Spencer Harbar [MVP]" wrote: >> > > >> > >> You don't need to have SQL on the same box, you could connect to a >> > >> remote >> > >> sql machine hosting the CMS database which is not located on the DMZ >> > >> and >> > >> just have IIS and the Content Server components on the Web box. >> > >> >> > >> hth >> > >> Spence >> > >> www.mcmsfaq.com >> > >> >> > >> >> > >> "Javier Ruiz" wrote in message >> > >> news:7989C76E-A6AE-44FF-B927-6A4A38D8A0DE@microsoft.com... >> > >> > >> > >> > -- >> > >> > Hello Everyone >> > >> > >> > >> > How Can I deploy a CMS 2002 without of a DB, i need that the site >> > >> > functions >> > >> > only with IIS because my servers are in a DMZ. >> > >> >> > >> >> > >> >> > >> > >> >