Hey folks. I am faced with the task of building and organizing a network. I am planning to have some DMZs for the client boxes and a DMZ for the servers and monitoring workstations.

There will be about 30 client desktops in each of the client DMZs, and 4 such DMZs. An additional DMZ will hold the servers (email: pop3/smtp/qmtp, DNS, MySQL, etc.) and some admin workstations.

But I am predicting a problem, and it relates to performance issues (I/O throughput). Two main servers will be demanded a lot for I/O: the NFS server (home directories), and MySQL server, LDAP server. I see two approaches:

0) Take them away from the server DMZ perimeter. The idea is to have each of those boxes with a 4 network 1 GB network NIC and connect them directly to each of the 4 client desktop DMZs.

1) Get every server inside the server DMZ. Guarantees better security control over them, but now I have a single point of failure and there is a considerable I/O bottleneck. Everything needs to pass via the DMZ firewall and performance may drop.

So my questions are: What is your experience? Which approach did you take?

Thanks a lot.

PS: BTW, could an OpenBSD server handle such an NFS server? About 120 clients connected at once.