Orion DMZ and Middle Tier

Question

Hello all,

I'm currently trying to plan an architecture to move our Orion into Azure. I'm trying to do this as securely as I can with the goal of placing an AWS (Additional Web Server) into a DMZ for public access possibly. What I keep running across is that a requirement I'm reading on the scalability guidelines is that an AWS requires a direct 1433 connection to the Orion database. This requirement ultimately kills my middle tier strategy. Meaning having a DMZ for the web server(s), a middle tier for the MPE and APEs, and a backend tier containing the database.

Has anyone ran across a way to do this securely? Have you done this yourself and have some suggestions?

Ultimately, I could limit the port and perhaps change it from a non-standard one and use SQL authentication only there, but still seems like a security risk.

Thoughts?

popem · Answer

Thanks @vinay.by , I do remember that's possible and at the very least, this would provide some comfort I suppose. I guess I'm just disappointed that this architecture isn't possible and curious if anybody else has come up with something.

vinay.by · Answer

Hello @popem

You are right in saying so, that's how the architecture is, but you can always use an encrypted connection to your database

https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-encrypt-database-connections-with-ssl.htm