What I have done is create a separate service for internal use and expose it only within the company premises (and VPN, so your workers can connect from elsewhere). I have been hacked before, and it is a catastrophe if you don't have proper differentiation between internal and external infrastructure. So option 1, but keep it inside your company network entirely, as this is not (from experience) something you want exposed on the internet.
In response to your comment:
My thought is that the applications are not identical, as your internal app would have more raw logs and probably some moderation and administration equipment for the app. So in the internet-facing version those features are not even implemented. However, make it so the applications share the same database and a large proportion of code: the internal version should just be an extended git branch of the main version.
As for local deployment, I literally brought a server and put it in our comms room just for this distribution to run on. As a company we already had a VPN set up to connect offices and allow employees to connect remotely. It is a fairly large task to set this up properly with an internal domain controller as well, but since you are a technical company this may be more achievable.