Should your web site database have its own dedicated server?
Should you have separate dedicate servers or clusters for your web site and database? It comes down to your security and reliability needs. What are the pros and cons of each scenario? Is it worth the expense? We shall delve into these business-critical questions in this article.
Let’s look at the security and reliability impact of the various common configuration choices.
In a shared hosting environment, your web site and database are usually hosted on the same server as the web sites and databases of many other businesses unknown to you and outside of your control.
- The biggest (and perhaps only) advantage to choosing a shared hosting environment is that it is very inexpensive.
- The resources of your server can be consumed by other organizations in a way that you can not control. If other organizations are using the server, then there will be fewer resources available for you. Your site will run much slower than it otherwise would. And, as we all know, slower site speed means fewer sales and more dissatisfied users.
- As your own web site and database share the same server resources (disk usage, memory, CPU), they will run slower than if they used independent resources. Again, this leads to slower performance especially if your site is busy or complex.
- Sharing a server with other organizations makes the server more vulnerable to a breach. This could be from employees of other organizations or from hackers targeting other organizations. It could also be due to poor (security) choices made by anyone of these other organizations. These poor choices permit attackers to access or exploit system vulnerabilities and gain full access to your code, credentials, and data.
- If someone does gain unauthorized access to your server, that also provides direct access to your entire database, as it is also located on the compromised server. All of your data will be there for the taking. Furthermore, since your web site code is also there, attackers can often get all of the credentials they need to defeat database encryption or protections that you may have set up.
- Shared hosting is not good for sites that receive a lot of traffic for the performance reasons given above.
Dedicated Web Site and Database Hosting: 1 Server
Putting your web site and database on a single dedicated server is the next level up after shared hosting. Dedicated web hosting is vastly better than shared; however as we shall see, it is not the ideal for security or reliability.
- Moderate price point compared to the other non-shared options discussed below.
- The server resources are dedicated to you. You are not sharing with other organizations and thus your performance is not going to vary by factors unrelated to your own site.
- Similarly, using a dedicated server insulates your site and data from breaches caused by others poor security choices. Isolating your resources is critical for compliance. It is absolutely required for PCI compliance, and it goes a long way to helping you meet HIPAA-compliance requirements.
- You can choose a dedicated sever powerful enough to handle your expected web site traffic.
- Your web site and database will still share the same server resources (disk usage, memory, CPU). As a result, your database and web site will run slower than they would if they did not share resources with each other. Again, this leads to slower performance, especially if your site is busy or complex.
- If your server is breached, the intruder also has direct access to your entire database, as it is also located on the compromised server. All of your data will be there for the taking. Furthermore, since your web site code is also there, attackers can often get all of the credentials they need to defeat database encryption or protections that you may have set up.
Dedicated Web Site and Database Hosting: Separate Servers
Putting your web site and database on separate dedicated servers provides much better security and performance.
- Your resources are dedicated to you. You are not sharing with other organizations and thus your performance is not going to vary because of external factors.
- Now that your web site and database use independent resource pools, everything can be faster. Complex, disk and CPU-intensive database queries will not slow independent web site requests. Hard-hitting web site accesses and downloads will not slow your database operations. As a result, you will have more resources and much less resource contention.
- Similarly, using dedicated servers insulates your site and data from being impacted by intrusions or breaches caused by others poor security choices. Isolating your resources is critical for compliance and is a central tenant of the Zero Trust Framework. It is absolutely required for PCI compliance, and helps meet HIPAA compliance requirements.
- When you separate your web site and database servers, you can strictly limit access to the database server. From a cybersecurity perspective, this means your most vulnerable point is your web server. If the web server is compromised, the information in your database is much safer when isolated. Unless the attacker gleans your database access credentials from the web server and then seeks to access and exfiltrate data from there, that server will generally remain uncompromised. Even if your web site is hacked, malware is installed, or data exfiltrated, the database is secure. It is extremely difficult to completely protect your data, but though isolation you achieve a much higher level of safety.
- This generally costs 50-100% more than just getting a dedicated web plus database server.
- You still have single points of failure. If a server goes down or fails, you will be unable to access your data.
Dedicated Web Site and Database Clusters
When uptime, security, and performance are paramount, the next level is a high availability dedicated cluster. In this scenario you have:
- 2+ web servers set up with load balancing.
- A separate main database server that these web servers use.
- Optionally set up additional database servers to distribute query load or to provide failover if needed.
Once you start thinking about clusters, everything is custom and a function of what resources your application needs, what traffic levels you anticipate, what your tolerance for down time is, and what your budget is. Highly available solutions can quickly become expensive, but provide the highest level of load and fault tolerance. These backup failover databases can be geographically replicated to keep your systems online even if data centers go offline because of a natural disaster. There are many different ways to configure your server and database clusters. The team at LuxSci is happy to help you figure out which solution will best fit your needs.
Which solution is right for you?
To figure out the best solution for your web site and database, you should ask the following questions:
- Do I have specific compliance requirements?
- How much traffic will my site receive? What resources do I really need to handle that?
- What sensitive information will be stored? E.g. usernames, passwords, personal information, confidential information, corporate secrets, protected health information (PHI), etc.
- How important is it that my site be always up and performing well? E.g., if being offline will cost you lots of money in sales, then it is worth it to invest in a high availability solution that will be very resilient.
- If I have a choice of dedicated server types, should I invest in more expensive ones that have built-in hardware redundancy (e.g. so that they are unlikely to be offline due to hardware issues)?
- What can I afford to spend?
Once you have answers to these questions, review the above pros and cons and contact us to find your optimal solution and price point.