Split Server SDM Install VS Single Server SDM setup
A common question asked is “Why go for a split server install compared to a single server SDM installation?” There are benefits to both setups and there is no right or wrong way to complete the install. First of all let's look at benefits to each setup and why they could be chosen.
DMZ: Snow Gateway, IIS webpages, Messaging service.
Internal: SDM Server, SDM server service. (Snow Cloud Extender Optional)
A split server install can be very beneficial owing to the core installation behind corporate firewalls and a separate DMZ server that is responsible for both incoming and outbound connections. In this setup, core systems are not opened up and there is less risk to internal servers.
SDM requires certain ports to be opened, for example 2195 or 5325 due to connection to both Google messaging services and Apple Push services. These are not standard ports and opening any port from internal systems can always be considered a risk. Because of this, an installation can be created where a server in the DMZ can communicate using these ports with data coming will come into the network on a single port.
Another benefit to this method is that 1 single server is not tasked with accepting all traffic from devices, processing of the incoming data, creating the logs and also sending instructions to devices. This can have minor improvements to the speeds of the system.
Server: Gateway, IIS webpages, Messaging service, SDM Server, SDM server Service. (Snow Cloud Extender Optional)
The single server install can still have benefits and there are quite a few reasons for having a the standalone SDM install.
With a single server, 1 server will accept all outbound and inbound connections for mobiles and web pages, as well as housing the core install for the software. This is beneficial as there is less overhead required to manage the servers, and in addition SDM certificates will also reside on 1 server only. Less resourcing is need to look after 1 server, less patching and less maintenance. There are also benefits in regards to maintaining and updating the system as only 1 server will require updates and not both which could double downtime.
For both of the above installations, the media is the same.
With our Active Directory integrator, the 'Snow Cloud Extender' tool can go on any server and is very lightweight. The application will need direct connection to both the SDM system and also Active Directory. Consideration has to be given to the location of this tool as sometimes the DMZ server may not be a suitable location for this tool due to insufficient access to active directory.
With this information, it might now be easier to decide which install is best for you.
Created by Craig Davies