site configuration


Harry

Folks;
I have three servers of equal capabilities. All run Win2k3.
Load is not a real concern. Security is of primary concern.
I need to run AD with a backup controller.
I need to run SQL2000.
I need to run Exchange 2003. OWA is active and through the firewall.
I need to run IIS (five sites).

I need to keep SQL and IIS separate for security reasons. The AD domain is
not heavily trafficked, but does run DHCP and DNS.
Since OWA opens the Exchange box up to the firewall I was considering using
it as the IIS server also. Is this a no-no?

The other question is where I should run AD. I want to consolidate as much
as possible.

Many Thanks
Harry
 
How about this:

Server1 in a DMZ running IIS, external DNS and OWA front end.
Server2 behind the firewall running AD, internal DNS, SQL and 70% of DHCP
addresses.
Server3 behind the firewall running AD, internal DNS, Exchange back end and
30% of DHCP addresses.

Don't run OWA inside the firewall because as you say it opens more ports
than is necessary. Run it in the DMZ and you can use https for the clients
to connect and use an IPSec tunnel between the OWA server and the Exchange
back end.

If the web sites are internal, put them on Server2 or Server3. If they are
public, put them on server1 in the DMZ. Don't host public websites inside
the firewall.
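
The 70/30 DHCP split suggested above, worked through as an added example that is not part of the original posts. It assumes both internal servers define the same scope and each excludes the block the other leases from; the address pool is a constructed sample and `split_scope` is a hypothetical helper name.

```python
import ipaddress


def split_scope(first, last, primary_percent=70):
    """Split one DHCP pool between two servers with no overlapping leases.

    Each server gets the range it leases from and the range it must
    exclude (the other server's block), so a client can never be handed
    the same address by both servers.
    """
    start = ipaddress.IPv4Address(first)
    end = ipaddress.IPv4Address(last)
    if end < start:
        raise ValueError("last address precedes first address")
    if not 0 < primary_percent < 100:
        raise ValueError("primary_percent must be between 1 and 99")
    total = int(end) - int(start) + 1
    if total < 2:
        raise ValueError("pool too small to split between two servers")

    # Integer arithmetic avoids float rounding; clamp so that each
    # server keeps at least one address even for very small pools.
    primary_count = min(max(total * primary_percent // 100, 1), total - 1)
    cut = start + primary_count  # first address of the secondary block

    primary = (start, cut - 1)
    secondary = (cut, end)
    return {
        "Server2": {"leases": primary, "excludes": secondary},
        "Server3": {"leases": secondary, "excludes": primary},
    }


def size(block):
    """Number of addresses in an inclusive (start, end) block."""
    return int(block[1]) - int(block[0]) + 1


if __name__ == "__main__":
    # Constructed sample pool of 200 addresses.
    plan = split_scope("192.168.10.50", "192.168.10.249")
    for server, cfg in plan.items():
        lo, hi = cfg["leases"]
        xlo, xhi = cfg["excludes"]
        print(f"{server}: lease {lo}-{hi} ({size(cfg['leases'])}), "
              f"exclude {xlo}-{xhi}")
```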
 
Simon
Sounds better than my idea.
Thanks

Simon Geary said:
How about this:

Server1 in a DMZ running IIS, external DNS and OWA front end.
Server2 behind the firewall running AD, internal DNS, SQL and 70% of DHCP
addresses.
Server3 behind the firewall running AD, internal DNS, Exchange back end and
30% of DHCP addresses.

Don't run OWA inside the firewall because as you say it opens more ports
than is necessary. Run it in the DMZ and you can use https for the clients
to connect and use an IPSec tunnel between the OWA server and the Exchange
back end.

If the web sites are internal, put them on Server2 or Server3. If they are
public, put them on server1 in the DMZ. Don't host public websites inside
the firewall.
 