Seperating web server from database over public network

Andy asked:

How much of a risk is it splitting nginx web server from mysql database server and having them talk over public network? The database server would be in the same OVH DC but from what I understand there would latency in the equation. The ping between two servers is 0.2ms which seems to be low. I am trying to decide whether to keep everything together and move to a bigger server or move DB away from web server to another server in same DC but there may be network delays which could cause connection issues for users? Important info to note is that server(SQL to be specific) is running out of resources at 12k users so a temporary solution while a proper infrastructure is built is to choose between two options mentioned previously.

My answer:

That level of latency is just fine for talking to a database. Many high traffic sites use a similar architecture and may even have higher latencies to their databases. I wouldn’t worry about that.

The only thing I would worry about is whether others can sniff the traffic. On OVH’s network it’s not likely, as their switches generally don’t flood unwanted traffic all over the place, but it does potentially open you up to ARP poisoning attacks launched by other OVH customers. Rather than use the public network, I would use OVH’s vRack. This creates an isolated network which cannot be seen by other customers at all.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.