Physical separation of secure and non-secure web requests
We are doing some research on physically isolating secure and non-secure sections of our web application in two applications. All "http" requests will be served by one server (or cluster), and all "https" requests will be served by another server (or cluster).
The reason we are looking at this is in part due to the liveness of the application. Since the protected section of the application is a source of revenue, we could, for example, have a larger and / or more powerful cluster to serve requests. Conversely, when we upgrade the hardware in a secured application, it can be reassigned to serve an unsecured site - basically extending the life of the servers.
Has anyone worked with this approach? Last year we had an RFP from a (well known) vendor for an architectural assessment, and this was one of the possible paths that was recommended. While I see growth potential, I am concerned about things like maintenance, deployment, version control, etc.
source to share
Depending on how your application is archived, it seems to me that if you were using virtualization / load balancing, you could have the same benefits of guaranteed resources and isolation for the paid area, and also be able to dynamically hack resources to handle spikes in the load in any area. Your current proposal allows you to guarantee and prioritize resources, but this may lead to some of them being idle.
Plus, it would be easier to manage the boot through configuration, since then it would be a pure deployment issue and a completely separate issue. You would also be more independent of your hardware upgrade path as you simply add / assign virtual machines to new hardware.
source to share