Hi Nils-Olof,
There are a couple reasons why this would be a good setup. If you get it "right".
Here's how I would probably do it;
We use a firewall called smoothwall. (
www.smoothwall.org). This (free) system turns a old, unused computer, with 3 network cards, into a "firewall appliance". ie it sites between the ADSL router and the Lan(s). Smoothwall supports the idea of "zones" - ie the internet is red, but there are also 2 Lans (hence needing the 3 cards), one called Orange and the other Green.
The idea is that the "Green" lan can "connect to" the orange lan, but not the other way around. So incoming traffic directed through the router, goes to smoothwall, which in turn directs it only to the "orange" zone. Should the server thus be compromised (for any reason) it cannot affect the "green" machines.
This all sounds quite complex, but is very straight-forward to set up. And while we probably don't _really_ need it (because of the NAT protection offered by the ADSL router) it allows us to partition our Lan in a suitable way.
Ok, so that said, we hav the TPS files on the _orange_ server, with the web app the client app running on green.
Another reason - it's better for the server to have the files "local". It makes it easier to run as a service, and means "a single point" is required to keep the web server going. If the tps files are somewhere else on the lan then you have 2 points that can fail (bringing down the server).
I like the 2 machine approach as well because the sever one is "yours" and the client one is "theirs". They can reboot, update, do all the things users like to do on their machine, without affecting the server.
Cheers
Bruce
Topic: Deployment question (Read 2721 times)