What is the preferred way to host an MS SQL Server so that a web app can access data from any network? We have an API between the two but now thinking we may need to host the DB off site. Any recommendations? We currently run MS SQL Server is this an option?
You need to host the SQL instance on a server with a public IP which can be reachable from outside networks.
Make sure to allow inbound/outbound firewall rules on the SQL instance port.
I would not recommend this - opening up access to your SQL Server directly on the internet is not a good idea.
I would recommend hosting the API (web service?) on a server in a DMZ and preferably behind a Netscaler/F5 appliance. The only access to the web service would be through SSL from the external network.
Firewall rules would only allow access to the internal network (or hosted system) from this web server - and the account accessing the internal/hosted database server would be a very limited account that could only execute specific stored procedures needed for that API.
You could also secure the connection between the web service and database using a separate SSL certificate. So - one certificate for external access to the web service/api and a separate SSL certificate to access SQL Server.