Question

I am new at SQL Server web Service and not too knowledgeable in setting up a secure web environment... From what I've read until now regarding SQL Web Service, I would need to: 1. create a stored procedure, 2. create an endpoint 3. create a web service 4. call the stored procedure from the web...

Sounds easy enough although for Steps 3 and 4, I don't have a clue how to do for now... but my question is in the architecture before I start testing. From my understanding, the SQL web service resides on the SQL Server? If this is the case, it means that the DMZ would have direct access to our internal network? That's a no-no as far as I know...

In an architecture where I would want an SQL Server within a closed off network, and an application/business tier within a DMZ and web servers in another DMZ... How would I be able to get some information that is needed from the SQL Server in the closed off network while keeping it secure? Hence the reason why I started investigating the possibility of using the SQL Server Web Service...

In my mind, each web server in DMZ1 will have their DB in the DMZ which will contain minimal non-sensitive info to run the website, but retrieving general accumulated information (such as points, sales or historic info, etc.) that can be generated from different web sites and different sources cannot be transferred to the Website DBs due to their size and need the data to be in real-time. I was thinking of having a DMZ2 which contains the SQL Server Web Service (as an SQL Web Service Layer) which would retrieve data from the SQL server within our network.
Is it possible? Is it a good idea? If not, how would you go about it?

Thank you for your help.

Solution

Typically, you'd have a web service hosted in IIS or some other HTTP daemon in the internal network, with a firewall hole opened up for the specified port and machine where the HTTP web service is hosted.

The web service, being inside, would have access to the SQL Server as required.

This maintains protection for the SQL Server since it is not directly accessible from the DMZ/website.

FYI, SOAP/XML endpoints in SQL Server were deprecated as of SQL Server 2012.
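
The "firewall hole for the specified port and machine" described above can be checked mechanically. The following is an added example, not part of the original answer: it audits a DMZ-to-internal rule list and reports anything wider than that single hole. The addresses, port 8443 and the `Rule` format are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan (assumptions, not from the original post).
DMZ_NET = ipaddress.ip_network("10.10.0.0/24")      # DMZ web servers
WEB_SERVICE = ipaddress.ip_address("10.20.0.15")    # internal IIS host
WEB_SERVICE_PORT = 8443
SQL_SERVER = ipaddress.ip_address("10.20.0.50")
SQL_PORT = 1433

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None means any port

def decide(rules, src, dst, port):
    """First matching rule wins; default deny when nothing matches."""
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def audit(rules):
    """Findings for a DMZ-to-internal policy; empty means one host, one port."""
    findings = []
    for r in rules:  # static pass: conservative, ignores shadowing by earlier denies
        if r.action != "allow" or not ipaddress.ip_network(r.src).overlaps(DMZ_NET):
            continue
        dst = ipaddress.ip_network(r.dst)
        if dst.num_addresses != 1 or WEB_SERVICE not in dst:
            findings.append(f"too broad destination: {r}")
        elif r.port != WEB_SERVICE_PORT:
            findings.append(f"unexpected port: {r}")
    probe = next(DMZ_NET.hosts())  # behavioural pass with a sample DMZ address
    if decide(rules, probe, SQL_SERVER, SQL_PORT) == "allow":
        findings.append("DMZ can reach SQL Server directly")
    if decide(rules, probe, WEB_SERVICE, WEB_SERVICE_PORT) != "allow":
        findings.append("DMZ cannot reach the web service")
    return findings

GOOD = [Rule("allow", "10.10.0.0/24", "10.20.0.15/32", 8443),
        Rule("deny", "10.10.0.0/24", "10.20.0.0/24", None)]
BAD = [Rule("allow", "10.10.0.0/24", "10.20.0.0/24", None)]  # whole subnet, any port
```

`audit(GOOD)` returns no findings, while `audit(BAD)` reports both the over-broad rule and the direct path to the database.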

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange