My current (imaginary) setup has a DMZ with two servers and an internal network with two more servers.
Servers in the DMZ: web server (company website), proxy
Servers in the internal network: messaging (Exchange), and authentication and domain services (AD)
Now I have only one SAN setup which I should share between those two networks.
Is connecting the SAN to both the servers in the DMZ and the internal network a sin in a network security context?
What's the best practice?
Best Answer
Since the SAN is a separate infrastructure, as long as you zone separate LUNs to separate locations, it should not be a horrible problem.
However, usually a SAN is the placeholder for all the sensitive data in the organization, and it is best to keep it as secure as possible, preferably accessible only internally, by firewall-protected servers.
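The "separate LUNs to separate locations" condition in the answer above can be checked mechanically. The following is an added example, not part of the original post: it audits a LUN masking table for LUNs visible from both the DMZ and the internal network, and for initiators that are not in the host inventory. Host names, WWPNs, LUN names and the table layout are constructed assumptions, not any vendor's export format.

```python
"""Audit a LUN masking table for LUNs exposed to more than one trust zone."""
from collections import defaultdict

# Constructed inventory: host -> (trust zone, initiator WWPN). All values are made up.
HOSTS = {
    "web01":   ("dmz",      "10:00:00:00:c9:00:00:01"),
    "proxy01": ("dmz",      "10:00:00:00:c9:00:00:02"),
    "exch01":  ("internal", "10:00:00:00:c9:00:00:11"),
    "ad01":    ("internal", "10:00:00:00:c9:00:00:12"),
}

# Constructed masking table: LUN -> initiator WWPNs allowed to see it.
MASKING = {
    "lun-web":    ["10:00:00:00:c9:00:00:01"],
    "lun-proxy":  ["10:00:00:00:c9:00:00:02"],
    "lun-exch":   ["10:00:00:00:C9:00:00:11"],   # case differs on purpose
    "lun-ad":     ["10:00:00:00:c9:00:00:12"],
    # Misconfiguration: one LUN mapped to a DMZ host and an internal host.
    "lun-backup": ["10:00:00:00:c9:00:00:01", "10:00:00:00:c9:00:00:11"],
    # Stale entry: initiator that is not in the inventory.
    "lun-old":    ["10:00:00:00:c9:00:00:99"],
}

def audit(hosts, masking):
    """Return (lun, finding, members) tuples, ordered by LUN name."""
    owner = {wwpn.lower(): (zone, name) for name, (zone, wwpn) in hosts.items()}
    findings = []
    for lun, initiators in sorted(masking.items()):
        by_zone = defaultdict(list)   # zone -> host names that can see this LUN
        unknown = []                  # WWPNs with no inventory entry
        for wwpn in initiators:
            entry = owner.get(wwpn.lower())
            if entry is None:
                unknown.append(wwpn.lower())
            else:
                by_zone[entry[0]].append(entry[1])
        if unknown:
            findings.append((lun, "unknown-initiator", sorted(unknown)))
        if len(by_zone) > 1:
            # The same LUN is reachable from more than one trust zone.
            members = sorted(n for names in by_zone.values() for n in names)
            findings.append((lun, "cross-zone", members))
    return findings

if __name__ == "__main__":
    for lun, finding, members in audit(HOSTS, MASKING):
        print(f"{lun}: {finding}: {', '.join(members)}")
```
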