We have a new employee who has spent all of his life in Windows and Linux server land writing web applications. He is now moving over to develop web applications on our iSeries. He is dead set on the web app security model of having three pieces of hardware in the mix: one server dedicated to the web server, one to the application server and one to the database server. His argument is that it makes for a more secure environment and a more manageable hardware resource environment, because you can grow any one of the three segments independently of the others if any part becomes a bottleneck.

I have grown up on the iSeries midrange platform and am used to the one-box-for-everything model. I am one who believes in the KISS method and prefer to manage one piece of hardware, one OS install and have one backup/disaster plan just in case. So we have our current web apps all running in one partition and doing all three functions (Apache, WebSphere, DB2). In today's world of virtualization I could create three partitions on the iSeries and dedicate each partition to one of the three functions, assigning each its own pool of available resources, and get the same model on one piece of hardware, but my position is: why do that if you don't have to? Let i5/OS manage the allocation of physical resources dynamically. At night, when my web partition sees no activity, those resources are available to night jobs that run in batch.

I can see some benefit from a security perspective, in that the path open from our firewall to the dedicated web server partition would stop anyone from outside from seeing the application server or database partition, but we only open ports for HTTP and HTTPS to our iSeries now, which also keeps the app server and database hidden from off campus, and we use ACLs to do the same access control on campus.
The only advantage I can see is with the three-partition model: if someone did manage to break into the web server partition, they would have no access to the app server or database server without additional hacking; they would only have access to files in that one partition. But even under the one-partition model, if someone managed to hack the web server they would only have access to the files authorized to the special QHTTP*** userids.

Is there something I am missing? Are all of you running under the one partition model or have you split the three functions up?


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
