Setup question

  • Thread starter Thread starter John
  • Start date Start date
J

John

Hi

I have an interesting set up question.

I have 3 server that i will use to host websites and various services in a
hosting centre. 2 servers will be W2003 Server running IIS, JRun and other
application servers. The other will be a SQL server. All 3 servers have 2
NICs. 1 connecting each server to a gigabit switch as a kinda mini LAN and
the other directy to the WAN hub which the location center provides. Admin
will be Remote Desktop Connection

I reckon i should set up an active directory domain to easy administration
etc. Is this a bad idea?

Also one of the servers needs to host DNS for all our domains (200 odd).
Can i do this and also have an active directory DNS?

I hope this makes sense, if not, please respond to the group and i'll
clarify.

I'm open to all suggestions, but cant buy anymore hardware!!

Thanks in advance, and sorry for the xpost, not sure which group was the
most appropriate.
 
I reckon i should set up an active directory domain to easy administration
etc. Is this a bad idea?
Click to expand...
It's not a bad idea.
Also one of the servers needs to host DNS for all our domains (200 odd).
Can i do this and also have an active directory DNS? Yes

I'm open to all suggestions, but cant buy anymore hardware!!
Click to expand...
You know you could run DNS on a very cheap clone desktop, right? Just making
sure that you know you don't need a "Server"-level, expensive hardware for
this purpose at all.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
I have an interesting set up question.

I have 3 server that i will use to host websites and various services in a
hosting centre. 2 servers will be W2003 Server running IIS, JRun and other
application servers. The other will be a SQL server. All 3 servers have 2
NICs. 1 connecting each server to a gigabit switch as a kinda mini LAN and
the other directy to the WAN hub which the location center provides. Admin
will be Remote Desktop Connection

I reckon i should set up an active directory domain to easy administration
etc. Is this a bad idea?
Click to expand...
I think it's not a good idea. AD gives you a single sign, and this
means that if one machine is compromised, then all machines may be
compromised too. If they are standalone machines then each one would
have to be compromised individually. Of course there are pros and cons
to this.
Also one of the servers needs to host DNS for all our domains (200 odd).
Can i do this and also have an active directory DNS?
Click to expand...
Yes. There is no such thing as "an active directory DNS" in the sense
that it is in some way special. It is merely a DNS service that Active
Directory *uses*. It could be on the moon providing it can support
your SRV records. It doesn't have to be a Microsoft DNS server. Some
people use Novell or Bind DNS servers.

So that was the long answer. The short answer is, yes, you can use the
same DNS server, provided it supports SRV records, which Windows 2000
DNS does.

Cheers,

Cliff

(MVP)
 
I think it's not a good idea. AD gives you a single sign, and this
means that if one machine is compromised, then all machines may be
compromised too. If they are standalone machines then each one would
have to be compromised individually. Of course there are pros and cons
to this.
Click to expand...


But if i want the server to communicate (for backups etc) seamlessly I need
accounts on each that tie up anyway. What does MS say about web server on a
domain?
 
In
John said:
But if i want the server to communicate (for backups etc) seamlessly
I need accounts on each that tie up anyway. What does MS say about
web server on a domain?
Click to expand...

For an external Internet webserver, not a good idea at all. It's a security
risk to expose a domain controller to the outside world. Better to have it
on a stand alone. As long as you know the credentials to communicate between
servers thru DCOM or XML, that's all you need.

For an internal corporate only intranet webserver, that would be fine, but
really not recommended depending on the web apps and features you have
installed. Besides, a computer promoted to a DC will slow everything down
due to the default disabling of the write cache. For internal use, rather
have it on a member server, not a DC.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I have 3 server that i will use to host websites and various services in a
hosting centre. 2 servers will be W2003 Server running IIS, JRun and other
application servers. The other will be a SQL server. All 3 servers have 2
NICs. 1 connecting each server to a gigabit switch as a kinda mini LAN and
the other directy to the WAN hub which the location center provides. Admin
will be Remote Desktop Connection

I reckon i should set up an active directory domain to easy administration
etc. Is this a bad idea?
Click to expand...

Not necessarily. There are issues with IIS being on a DC, but you
don't have any real AD load so the SQL Server could be your DC.
Everything is a tradeoff so make sure you understand any increased
secuirty risks.
Also one of the servers needs to host DNS for all our domains (200 odd).
Can i do this and also have an active directory DNS?
Click to expand...

Sure. Two separate zones, one internal, one external. Internal is
AD, external is Standard Primary.

Jeff
 
I read the question to mean that these servers are NOT his production
servers. So, at best, what he would be exposing is what he's already
exposing. He wants a solution for ease of management and administration.
Would I suggest he runs his "production/corporate" domain out of a colo, or
install IIS on his DC? H@#$ NO!. But this is web hosting enviroment, and I
see limitless ease of administration as a good reason to not rely on
workgroup setup.

but, that's jsut me :)

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Ace Fekay [MVP]"
 
In
Deji Akomolafe said:
I read the question to mean that these servers are NOT his production
servers. So, at best, what he would be exposing is what he's already
exposing. He wants a solution for ease of management and
administration. Would I suggest he runs his "production/corporate"
domain out of a colo, or install IIS on his DC? H@#$ NO!. But this is
web hosting enviroment, and I see limitless ease of administration as
a good reason to not rely on workgroup setup.

but, that's jsut me :)


Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
Click to expand...

Point well taken!
:-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top