Hi,
Apologies in advance for my limited knowledge on this area.
We currently have one forest with multiple domains (e.g. "external" and "internal") with two-way trusts setup and are looking to isolate the "external" domain into its own forest so as to comply with security best practice which will break the trust relationship (intentionally).
Part of this will require transitioning/migrating existing virtual servers, applications, users, groups etc which currently reside with the old "external" domain across to the new Forest containing the new "external" domain. My understanding is that this is quite simple and is just a matter of changing the membership (maybe wrong terminology) ... and obviously the creation of new Forest.
We also have Citrix servers on the external domain and the Citrix farm on the "internal" domain.
I thought a citrix farm was a group of citrix servers so am assuming that this statement means that there must be citrix servers on both internal and external domains. (I know I should probably understand our setup but unfortunately don't as it's not my expertise) .... therefore the separation of the external domain into its new forest will break this setup.
If we wanted to maintain the 2 separate forests, what options are there for a citrix farm to be across 2 forests?
Would enabling SSO solve this?
Do we have to create a separate farm on the new forest?
Any advice welcome.
Thanks in advance
Apologies in advance for my limited knowledge on this area.
We currently have one forest with multiple domains (e.g. "external" and "internal") with two-way trusts setup and are looking to isolate the "external" domain into its own forest so as to comply with security best practice which will break the trust relationship (intentionally).
Part of this will require transitioning/migrating existing virtual servers, applications, users, groups etc which currently reside with the old "external" domain across to the new Forest containing the new "external" domain. My understanding is that this is quite simple and is just a matter of changing the membership (maybe wrong terminology) ... and obviously the creation of new Forest.
We also have Citrix servers on the external domain and the Citrix farm on the "internal" domain.
I thought a citrix farm was a group of citrix servers so am assuming that this statement means that there must be citrix servers on both internal and external domains. (I know I should probably understand our setup but unfortunately don't as it's not my expertise) .... therefore the separation of the external domain into its new forest will break this setup.
If we wanted to maintain the 2 separate forests, what options are there for a citrix farm to be across 2 forests?
Would enabling SSO solve this?
Do we have to create a separate farm on the new forest?
Any advice welcome.
Thanks in advance
