Does this Web App Server-Data Server configuration make sense on a cloud server?

Question

I was planning to have my web application on one server instance, my sql (express) on another instance and a separate domain controller on another. The purpose to allow the asp.net application to access sql server under windows security. This is hosted on a cloud server. Am I getting any security benefit doing this considering its on the cloud server? For example, each 'machine' will have Remote Desktop active.

If it is better than keeping it all on one server instance, what else can i do to maximize security?

Answer 1

Well, separating servers out such that if one is compromised it doesn't lead to a compromise of all your data is a good thing, definitely. That's the main advantage you are getting.

You need to make sure, with the separate layout, that your SQL box doesn't allow connections (to the SQL server) from just any old IP; only the Web server (And, obviously, your external firewall would block that port anyway).

As to what else you can do? Perhaps ask on the networking forums. Many, many things come to mind :)