Deploy .Net application on 3 tier architecture RRS feed

  • Question

  • Currently my web application is running on 2 tier architecture where application is hosted in IIS 8.0 on one server & Database of that application is on separate database server.

    Now as per our Security team's requirement they recommend 3 tier architecture where end user will request URL of my web application hits on Web Server, Source Code of my application should be reside on Application server which can be accessed only through web server and database call to my database server should be done through application server only.

    Security team is planning to move our servers in DMZ where end user can only access my web server through browser request, web server cannot directly access our database server, source code of the application should be only available in application server.

    Can anyone suggest that how I can achieve 3-tier architecture for my ASP.Net 2.0 web application.

    Monday, May 29, 2017 6:11 AM

All replies


    Tuesday, May 30, 2017 7:26 PM
  • Am not sure if your question is very clear.

    When you say you want to run a 3-tier Architecture, you want to have 3 separate deployment units ( Maybe processes ) for your web, application and database components. As you have mentioned, you already have an application ( which runs under IIS ) and a database component. Under ASP.Net Core, IIS and Application already run as separate processes and so you already have 3 tiers.

    Normally i would go for a 3 tier instead of a 2 tier Architecture when i need more loose coupling in terms of introducing changes to any one of the layers. Am not convinced if this would completely be for security.

    Monday, June 19, 2017 1:00 PM
  • I don't think many people would recognise separate processes as a definition of separate tiers. Tiers are typically physical separation to allow such things as change of operation system for a tier without affecting others. From a security perspective the use of process as tiers has probably even less advocates.

    Tuesday, June 20, 2017 6:12 PM
  • As far as i understand we could look at a "Tier" as a unit of deployment. Two units could be deployed on two physical machines or on a single machine. By having the two tiers as two separate processes we have them addressing two independent memory spaces.

    I understand there is no security in terms of Authorization or Authentication in this model. However i am not sure if that is what the question is seeking for, or something else.

    Friday, June 23, 2017 8:34 AM
  • The deployment is only one aspect, being able to deploy on completely different OS, or rather change the OS of one tier without affecting the other is a more specific test.

    Sunday, June 25, 2017 7:12 PM