Windows updates and dedicated SQL server in the DMZ

MyPoint CreditUnion asked on June 5, 2015 21:46

We are about to launch our new website, featuring the traditional dev/stage system and 2 web servers connected to one SQL server in the DMZ in a HA/load balanced environment.

I can point my load balancer to one or the other web server in order to patch/update, but how do I update the SQL box? The obvious answer is run 2 SQL boxes, but at this time I do not have that.

Are the web servers going to keep serving when that SQL box is down, or are they going to instantly bomb out once it loses the DB?

What does everyone out there do? Can some one give me an idea on how to accomplish this without adding a 2nd box? The old website used 2 servers, I think we are up to 6 with this new Kentico site.

Recent Answers


Charles Matvchuk answered on June 5, 2015 23:29

Ryan, I would never put my SQL Server in the DMZ, just the webservers and have them point to the SQL Server in the internal zone. If you have no choice then I understand, but your surface area for attack is quite large that way. The sites will go down when you bring down SQL. You need two boxes to do it correctly. I guess you could run 2 SQL Server Hives on the one box and just update the hives independently when you do updates. But if you update OS then obviously everything will go down.

1 votesVote for this answer Mark as a Correct answer

Charles Matvchuk answered on June 5, 2015 23:32

With 2 hives you can synchronize/replicate in real time. Thinking outside the box, what I would do is run Hyper-V spin up 4 instances that way you have total redundancy. Still on one box though, or do two boxes with two hyper-v's on each. Just a thought.

0 votesVote for this answer Mark as a Correct answer

MyPoint CreditUnion answered on June 5, 2015 23:52

These are great ideas, I am going to run this by the admins and see what we can do.

Thanks!

0 votesVote for this answer Mark as a Correct answer

Charles Matvchuk answered on June 6, 2015 04:46

No problem, I am a full stack developer as well as a Certified DBA and Microsoft System Admin, so I am exposed to just about everything.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.