Placement of Backup / MySQL Server in IPv4 Network
12 years 11 months ago #37651
by leeand00
Placement of Backup / MySQL Server in IPv4 Network was created by leeand00
I'm thinking about setting up a network configuration, where the backup server and the MySQL server are on the same machine, and where the webserver is on a separate machine.
It's on an IPv4 network. I plan to have the webserver on the DMZ all the time, but I'd like to be able to access the MySQL / Backup server from the webserver.
Now from what I know about networking, I'm pretty sure you're supposed to have your MySQL and Backup on the LAN, with a firewall rule that allows the webserver to access MySQL and the Backup.
Presently I've got it working in the following way (which I believe works, but isn't necessarily the correct way to accomplish this...) see diagram below:
Now I think the correct way to go about doing this is to keep the backup server / MySQL box on the LAN and access it through a rule (or is it forwarding) in the firewall. However, the backup tool I'm using requires that the webserver initiate the backup...so how does one (forward?) packets from the DMZ to the machines on the LAN? And is that even a good idea?
12 years 11 months ago #37655
by Arani
Picking pebbles on the shore of the networking ocean
Replied by Arani on topic Re: Placement of Backup / MySQL Server in IPv4 Network
Hi,
Moved it to this forum as it's now under a more appropriate category.
Cheers
The following user(s) said Thank You: leeand00
12 years 11 months ago #37656
by leeand00
Replied by leeand00 on topic Re: Placement of Backup / MySQL Server in IPv4 Network
Thank you.
12 years 11 months ago #37657
by leeand00
Replied by leeand00 on topic Re: Placement of Backup / MySQL Server in IPv4 Network
Is this inconsequential? Well maybe it's just Thanksgiving weekend.
12 years 11 months ago #37659
by leeand00
Replied by leeand00 on topic Re: Placement of Backup / MySQL Server in IPv4 Network
*bump*
12 years 11 months ago #37662
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Placement of Backup / MySQL Server in IPv4 Network
leeand00,
I'll agree with your second diagram. Indeed, it's always a good idea to place the SQL server in your LAN environment, rather than the DMZ. In such a setup, you simply require the appropriate access lists on each interface of your router, so that it allows the seamless communication between the required hosts, which in your case is your Web Server and SQL server.
You'll need to identify the required ports, so you can fine-tune your router's access lists to allow communication between the two servers only for specific services, e.g. www, mysql, etc.
Another suggestion, if the data held on the MySQL server is not critical/sensitive, is to leave the MySQL server in the DMZ zone (which solves your backup problem), and have an automated process where the MySQL server copies its backup to another server in your LAN.
Alternatively, if the MySQL server moves to the LAN network, you'll need to find a way to overcome the initiation of your backup process.
Closing, it's a good idea to have the backup machine separate from your MySQL server. If the MySQL server gets hacked, you'll end up losing everything!
Let us know if you require any additional help or have any further questions.
Thanks.
The following user(s) said Thank You: leeand00
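The per-host, per-port access list described in the reply above can be checked before it goes onto a router. The following is an added example, not part of the original thread or any vendor's configuration: a small first-match ACL model with an implicit deny, audited against the intended policy. All addresses, the `LOOSE` rule set and the flow list are constructed for illustration; 3306 is MySQL's default port.

```python
"""Added example: first-match ACL model for a DMZ -> LAN pinhole."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

WEB = "192.0.2.10"     # constructed: web server in the DMZ
DB = "10.0.0.20"       # constructed: MySQL server on the LAN
LAN = "10.0.0.0/24"    # constructed: LAN subnet
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str                      # source CIDR
    dst: str                      # destination CIDR
    dport: Optional[int] = None   # None matches any TCP port

# ACL applied inbound on the DMZ interface, evaluated top-down.
DMZ_IN = [
    Rule("permit", WEB + "/32", DB + "/32", 3306),  # web -> MySQL only
    Rule("deny", ANY, LAN),                         # nothing else DMZ -> LAN
    Rule("permit", ANY, ANY),                       # DMZ -> elsewhere
]
# Too broad: the whole DMZ subnet may reach the whole LAN on any port.
LOOSE = [Rule("permit", "192.0.2.0/24", LAN), Rule("permit", ANY, ANY)]

def evaluate(acl, src, dst, dport):
    """Return the action of the first matching rule; no match means deny."""
    for r in acl:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return "deny"

# Intended policy as (src, dst, dport) -> verdict.
EXPECTED = [
    ((WEB, DB, 3306), "permit"),           # the one required service
    ((WEB, DB, 22), "deny"),               # same hosts, other port
    ((WEB, "10.0.0.30", 3306), "deny"),    # other LAN host
    (("192.0.2.99", DB, 3306), "deny"),    # other DMZ host
    ((WEB, "203.0.113.5", 443), "permit"), # DMZ -> outside the LAN
]

def audit(acl, expected=EXPECTED):
    """List flows whose verdict under `acl` differs from the policy."""
    got = [(flow, evaluate(acl, *flow), want) for flow, want in expected]
    return [(flow, verdict) for flow, verdict, want in got if verdict != want]

if __name__ == "__main__":
    print("tight ACL mismatches:", audit(DMZ_IN))
    print("loose ACL mismatches:", audit(LOOSE))
```

The model covers only new connections arriving from the DMZ; replies from the MySQL server still have to be allowed on the LAN-side interface, by stateful inspection or a matching rule for return traffic.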