Public Facing Web Service Best Practices

These are general recommendations for installing any public-facing Web Service on an existing corporate network. 

DMZ

The server hosting the service should be inside a DMZ. This means that this server should be isolated from the rest of the network.

  • Only port 1433 should be open internally from the web server to the SQL server.
  • Only port 443 should be open on the public side and translated to the internal IP address of this web server.
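One way to check a firewall rule export against the two rules above. This is an added example, not part of the original guidance. The IP addresses, the one-line rule format and the function names are constructed for illustration, and it assumes a default-deny firewall whose export lists only the public-side and web-server-outbound allow rules.

```python
from ipaddress import ip_network

# Constructed addresses for illustration; substitute your own.
WEB = ip_network("10.10.0.5/32")   # DMZ web server (internal IP behind NAT)
SQL = ip_network("10.20.0.8/32")   # internal SQL server
ANY = ip_network("0.0.0.0/0")

# The only flows the DMZ policy above permits: (source, destination, port).
ALLOWED = [(ANY, WEB, 443), (WEB, SQL, 1433)]


def parse_rule(line):
    """Parse 'allow <src-cidr> <dst-cidr> <port>[-<port>]' (hypothetical format)."""
    action, src, dst, ports = line.split()
    if action != "allow":
        raise ValueError(f"only allow rules are expected: {line!r}")
    lo, _, hi = ports.partition("-")
    return ip_network(src), ip_network(dst), int(lo), int(hi or lo)


def is_permitted(rule):
    """A rule complies only if it is no wider than one allowed flow."""
    src, dst, lo, hi = rule
    return any(
        src.subnet_of(a_src) and dst.subnet_of(a_dst) and lo == hi == port
        for a_src, a_dst, port in ALLOWED
    )


def audit(lines):
    """Return the rule lines that open more than the policy allows."""
    return [ln for ln in lines if not is_permitted(parse_rule(ln))]


# Constructed sample rule set (default deny assumed for everything not listed).
SAMPLE_RULES = [
    "allow 0.0.0.0/0 10.10.0.5/32 443",        # public HTTPS to web server: OK
    "allow 10.10.0.5/32 10.20.0.8/32 1433",    # web server to SQL server: OK
    "allow 0.0.0.0/0 10.10.0.5/32 80-443",     # range exposes more than 443
    "allow 10.10.0.5/32 10.20.0.0/16 1433",    # reaches every internal host
    "allow 0.0.0.0/0 10.20.0.8/32 1433",       # SQL server exposed publicly
]

if __name__ == "__main__":
    for line in audit(SAMPLE_RULES):
        print("VIOLATION:", line)
```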

Choose Server

An existing web server can be used, or a new virtual machine can be created. Do not use existing servers that are already being used for other purposes. Do not use an existing SQL server. Existing non-web servers are likely not an option because they can’t be placed into a DMZ. 

Choose Domain

Choose a domain name or sub-domain. For a customer portal this could be something like:

  • Portal.yourcompany.com
  • Customers.yourcompany.com
  • Whatever.yourcompany.com

Set up DNS records for the domain. Point the domain to the public-facing IP address of the corporate network.

SSL Certificate

Get an SSL certificate. The key pair and certificate request will need to be generated on the web server itself. Install the certificate on a test website (or on the real web service, if it is available at this time) hosted on the web server.