i have a webserver on a dmz that is accessible from anyone on the internet. I want customers to be able to sign in through https and see account information that is stored on another server on another more secure dmz.
i have already successflly configured access for customers from the internet to the webserver and i created an access list allowing the web server to access the server with cust. acct. info through http. Problem is when i test this, the page with the customer info is not displayed. i can ping in both directions between the two servers so i know the connectivity is there. i'm not sure if the traffic between the two servers should be https or if this design is even the most practical idea
The IT manager is suggesting that i move the server with the customer account info to the dmz with the webserver but i have serious security concerns about this.