1. Security. Your web server lives in a DMZ, accessible to the public internet and taking untrusted input from anonymous users. If your web server gets compromised, and you've followed least privilege rules in connecting to your DB, the maximum exposure is what your app can do through the database API. If you have a business tier in between, you have one more step between your attacker and your data. If, on the other hand, your database is on the same server, the attacker now has root access to your data and server.
2. Scalability. Keeping your web server stateless allows you to scale your web servers horizontally pretty much effortlessly. It is verydifficult to horizontally scale a database server.
3. Performance. 2 boxes = 2 times the CPU, 2 times the RAM, and 2 times the spindles for disk access.

1. 安全。您的 Web 服务器位于 DMZ 中，可访问公共互联网并接受来自匿名用户的不受信任的输入。如果您的 Web 服务器受到威胁，并且您在连接到数据库时遵循了最低权限规则，那么最大的暴露程度就是您的应用程序可以通过数据库 API 执行的操作。如果中间有一个业务层，则攻击者和数据之间还有一步之遥。另一方面，如果您的数据库在同一台服务器上，则攻击者现在可以访问您的数据和服务器。
2. 可扩展性。保持您的 Web 服务器无状态可以让您毫不费力地水平扩展您的 Web 服务器。这是非常困难的横向扩展的数据库服务器。
3. 表现。2 个盒子 = 2 倍的 CPU、2 倍的 RAM 和 2 倍的磁盘访问主轴。

All that being said, I can certainly see reasonable cases that none of those points really matter.

尽管如此，我当然可以看到合理的情况，这些点都不重要。

It doesn't reallymatter (you can quite happily run your site with web/database on the same machine), it's just the easiest step in scaling..

它并不真正的事（你可以很愉快地运行您的网站在同一台机器上的网络/数据库），它只是在缩放最简单的一步..

It's exactly what StackOverflow did - starting with single machine running IIS/SQL Server, then when it started getting heavily loaded, a second server was bought and the SQL server was moved onto that.

这正是 StackOverflow 所做的——从运行 IIS/SQL Server 的单台机器开始，然后当它开始负载过重时，购买了第二台服务器并将 SQL 服务器移到该服务器上。

If performance is not an issue, do not waste money buying/maintaining two servers.

如果性能不是问题，请不要浪费金钱购买/维护两台服务器。

On the other hand, referring to a different blogging Scott (Watermasyck, of Telligent) - they found that most users could speed up the websites (using Telligent's Community Server), by putting the database on the same machine as the web site. However, in their customer's case, usually the db & web server are the only applications on that machine, and the website isn't straining the machine that much. Then, the efficiency of not having to send data across the network more that made up for the increased strain.

另一方面，参考另一篇博客 Scott（Telligent 的 Watermasyck）——他们发现大多数用户可以通过将数据库与网站放在同一台机器上来加速网站（使用 Telligent 的社区服务器）。但是，就他们的客户而言，通常 db 和 web 服务器是该机器上唯一的应用程序，并且网站不会对机器造成太大压力。然后，不必通过网络发送数据的效率弥补了增加的压力。

I would think the big factor would be performance. Both the web server/app code and SQL Server would cache commonly requested data in memory and you're killing your cache performance by running them in the same memory space.

我认为最大的因素是性能。Web 服务器/应用程序代码和 SQL Server 都会将通常请求的数据缓存在内存中，而在相同的内存空间中运行它们会降低缓存性能。

Tom is correct on this. Some other reasons are that it isn't cost effective and that there are additional security risks.

汤姆在这一点上是正确的。其他一些原因是它不符合成本效益并且存在额外的安全风险。

Webservers have different hardware requirements than database servers. Database servers fare better with a lot of memory and a really fast disk array while web servers only require enough memory to cache files and frequent DB requests (depending on your setup). Regarding cost effectiveness, the two servers won't necessarily be less expensive, however performance/cost ratio should be higher since you don't have to different applications competing for resources. For this reason, you're probably going to have to spend a lot more for one server which caters to both and offers equivalent performance to 2 specialized ones.

Web 服务器的硬件要求与数据库服务器不同。数据库服务器拥有大量内存和非常快的磁盘阵列，性能更好，而 Web 服务器只需要足够的内存来缓存文件和频繁的数据库请求（取决于您的设置）。关于成本效益，两台服务器不一定便宜，但性能/成本比应该更高，因为您不必为不同的应用程序竞争资源。出于这个原因，您可能将不得不为一台服务器花费更多，该服务器可以同时满足这两种需求并提供与 2 个专用服务器相同的性能。

The security concern is that if the single machine is compromised, both webserver and database are vulnerable. With two servers, you have some breathing room as the 2nd server will still be secure (for a while at least).

安全问题是，如果单个机器受到威胁，网络服务器和数据库都容易受到攻击。有了两台服务器，您就有了一些喘息的空间，因为第二台服务器仍然是安全的（至少在一段时间内）。

Also, there are some scalability benefits since you may only have to maintain a few database servers that are used by a bunch of different web applications. This way you have less work to do applying upgrades or patches and doing performance tuning. I believe that there are server management tools for making these tasks easier though (in the single machine case).

此外，还有一些可扩展性优势，因为您可能只需要维护由一组不同的 Web 应用程序使用的几个数据库服务器。通过这种方式，您可以减少应用升级或补丁以及进行性能调整的工作量。我相信有服务器管理工​​具可以使这些任务更容易（在单机情况下）。

Security is a major concern. Ideally your database server should be sitting behind a firewall with only the ports required to perform data access opened. Your web application should be connecting to the database server with a SQL account that has just enough rights for the application to function and no more. For example you should remove rights that permit dropping of objects and most certainly you shouldn't be connecting using accounts such as 'sa'.

安全是一个主要问题。理想情况下，您的数据库服务器应该位于防火墙后面，并且只打开执行数据访问所需的端口。您的 Web 应用程序应该使用 SQL 帐户连接到数据库服务器，该帐户的权限刚好足以使应用程序正常运行，仅此而已。例如，您应该删除允许删除对象的权限，并且您肯定不应该使用诸如“sa”之类的帐户进行连接。

In the event that you lose the web server to a hiHyman (i.e. a full blown privilege escalation to administrator rights), the worst case scenario is that your application's database may be compromised but not the whole database server (as would be the case if the database server and web server were the same machine). If you've encrypted your database connection strings and the hacker isn't savvy enough to decrypt them then all you've lost is the web server.

如果您的 Web 服务器遭到劫持（即完全提升到管理员权限的权限），最坏的情况是您的应用程序的数据库可能会受到损害，但整个数据库服务器不会受到损害（如果数据库服务器和网络服务器是同一台机器）。如果您对数据库连接字符串进行了加密，而黑客还不够精明，无法解密它们，那么您失去的只是网络服务器。

One factor that hasn't been mentioned yet is load balancing. If you start off thinking of the web server and the database as separate machines, you optimize for fewer network round trips and also it gets easier to add a second web server or a second database engine as needs increase.

尚未提及的一个因素是负载平衡。如果您开始将 Web 服务器和数据库视为单独的机器，那么您可以针对更少的网络往返进行优化，并且随着需求的增加添加第二个 Web 服务器或第二个数据库引擎也会变得更容易。

Wow, No one brings up the fact that if you actually buy SQL server at 5k bucks, you might want to use it for more than your web application. If your using express, maybe you don't care. I see SQL servers run Databases for 20 to 30 applicaitions, so putting it on the webserver would not be smart.

哇，没有人提出这样一个事实：如果您真的以 5000 美元的价格购买 SQL 服务器，那么您可能希望将其用于 Web 应用程序以外的用途。如果您使用快递，也许您不在乎。我看到 SQL 服务器为 20 到 30 个应用程序运行数据库，因此将其放在网络服务器上并不明智。

Secondly, depends on whom the server is for. I do work for financial companies and the govt. So we use a crazy pain in the arse approach of using only sprocs and limiting ports from webserver to SQL. So if the web app gets hacked. The only thing the hacker can do is call sprocs as the user account on the webserver is locked down to only see/call sprocs on the DB. So now the hacker has to figure out how to get into the DB. If its on the web server well its kind of easy to get to.

其次，取决于服务器是为谁服务的。我确实为金融公司和政府工作。所以我们在只使用 sprocs 并限制从 webserver 到 SQL 的端口的方法中使用了一种疯狂的痛苦。因此，如果网络应用程序被黑客入侵。黑客唯一能做的就是调用 sprocs，因为网络服务器上的用户帐户被锁定为只能查看/调用 DB 上的 sprocs。所以现在黑客必须弄清楚如何进入数据库。如果它在网络服务器上，那么它很容易到达。

I can speak from first hand experience that it is often a good idea to place the web server and database on different machines. If you have an application that is resource intensive, it can easily cause the CPU cycles on the machine to peak, essentially bringing the machine to a halt. However, if your application has limited use of the database, it would probably be no big deal to have them share a server.

我可以从第一手经验说，将 Web 服务器和数据库放在不同的机器上通常是个好主意。如果您有一个资源密集型应用程序，它很容易导致机器上的 CPU 周期达到峰值，从而使机器停止运行。但是，如果您的应用程序对数据库的使用有限，让它们共享一个服务器可能没什么大不了的。

I agree with Daniel Earwicker - the security question is pretty much flawed.

我同意 Daniel Earwicker 的观点 - 安全问题非常有缺陷。

If you have a single box setup with a webserver and only the database for that webserver on it, if that webserver is compromised you lose both the webserver and only the database for that specific application.

如果您有一个带有网络服务器的单机设置，并且上面只有该网络服务器的数据库，如果该网络服务器受到威胁，您将丢失网络服务器和该特定应用程序的数据库。

This is exactly the same as what happens if you lose the webserver on a 2-server setup. You lose the web server, and just the database for that specific application.

这与在 2 台服务器设置中丢失网络服务器时发生的情况完全相同。您丢失了 Web 服务器，而只丢失了该特定应用程序的数据库。

The argument that 'the rest of the DB server's integrity is maintained' where you have a 2-server setup is irrelevant, because in the first scenario, every other database server relating to every other application (if there are any) remain unaffected as well - being, as they are, hosted elsewhere.

在您拥有 2 个服务器设置的情况下，“维护数据库服务器的其余部分的完整性”的论点是无关紧要的，因为在第一种情况下，与每个其他应用程序（如果有的话）相关的每个其他数据库服务器也不受影响- 就像他们一样，托管在其他地方。

Similarly, to the question posed by Kev 'what about all the other databases residing on the DB server? All you've lost is one database.'

同样，对于 Kev 提出的问题“驻留在 DB 服务器上的所有其他数据库呢？你失去的只是一个数据库。

• if you were hosting an application and database on one server, you would only host databases on that server which related to that application. Therefore, you would not lose any additional databases in a single server setup when compared to a multiple server setup.

• 如果您在一台服务器上托管应用程序和数据库，则只会在该服务器上托管与该应用程序相关的数据库。因此，与多服务器设置相比，您不会在单服务器设置中丢失任何额外的数据库。

By contrast, in a 2 server setup, where the attacker had access to the Web Server, and by proxy, limited rights (in the best case scenario) to the database server, they could put the databases of every other application at risk by carrying out slow, memory intensive queries or maximising the available storage space on the database server. By separating the applications out into their own concerns, very much like virtualisation, you also isolate them for security purposes in a positive way.

相比之下，在 2 服务器设置中，攻击者可以访问 Web 服务器，并且通过代理，对数据库服务器的有限权限（在最好的情况下），他们可以通过携带其他应用程序的数据库面临风险执行缓慢、内存密集型查询或最大化数据库服务器上的可用存储空间。通过将应用程序分离成它们自己的关注点，就像虚拟化一样，您还可以出于安全目的以积极的方式隔离它们。