Registered Domain Name or NOT?

I'm trying to get some opinions and directions on a network infrastructure question.

We're planning on implementing a new contact management type product across our WAN. We have two locs with a hardware VPN setup (WatchGuard) managing our tunnel between our two LANs: Loc1 192.168.12.x and Loc2 192.168.13.x. Active Directory at the main loc1 is replicating with an AD server in our second loc.

Our internal domain name is not a truly registered domain name, so it doesn't resolve over the Internet or anything, e.g. EnternalDomain.com. All users and machines log into this domain. Well, the new contact software server is a 2003 server joined to our 2000 AD, so its FQN is newsoftwareserver.enternaldomain.com. That product requires that the FQN is resolved over the Internet, so users can use the app's client interface, and of course it will need a public address. I am not sure what the ramifications/advantages are of making our enternaldomain.com name a truly registered domain and the effects it will have on our security. This is where my Active Directory knowledge gets limited! I am thinking of giving the new contact server a public address and setting up a 1-1 NAT in the firewall to get it accessible, but a key factor is that, although the product is technically a webserver, we're not to put it out in our existing DMZ b/c it has critical company data on it. Go figure! I know some manual DNS entries are needed so the internal/external users can resolve the new server by its FQN, but I'm not sure yet for what situations I'll have to do that!

We also have a hosted domain name that I may possibly want to consider using if at all possible, but I'm thinking configuring that to work with DNS, both internal on our AD server and on external DNS servers, may be more complicated.

Basically, I'm looking for some insight on the best approach to this implementation, and some suggested routes. Sorry if this isn't clear.

Thanks.
1 Solution
 
HypercubeTech commented:
Man, I hate Active Directory... sigh.

Which contact management app are you installing? I have found that manual edit of DNS is sometimes a good way (as long as the DNS server is local and using AD) to get around the FQDN problem with some software. Not the best answer, but you've got your hands full.

BILJAX commented:
AD isn't that bad, you just have to know how to use it. (I do miss the simplicity of the PDC/BDC method.)

You should have two domains on your system:

domainname.com (this is what you have outside)
domainname.local (this is what you see inside)

You have a WatchGuard, so you should have an "optional" port. Plug those "DMZ'ed" servers in there (use a switch if needed), and have the firewall do the DNS to make the optional and trusted networks talk.

AC

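As an added example (not from this thread, nor from WatchGuard or any of the products mentioned), here is a small consistency check for the split-DNS arrangement BILJAX describes: the published host must resolve to its LAN address inside and to its 1-1 NAT address outside, and the public zone must carry no other internal host and no private address. The zone contents, host names and addresses below are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample zone fragments (BIND-style A records). The host names,
# the 192.168.12.x/13.x addresses and the 203.0.113.50 NAT address are
# assumptions for this example, not the poster's real configuration.
INTERNAL_ZONE = """
$ORIGIN ourinternaldomain.com.
dc1          IN A 192.168.12.10
dc2          IN A 192.168.13.10
newserver    IN A 192.168.12.50
"""
EXTERNAL_ZONE = """
$ORIGIN ourinternaldomain.com.
newserver    IN A 203.0.113.50
dc1          IN A 192.168.12.10
"""
# Hosts that must resolve from the Internet, mapped to their 1-1 NAT address.
PUBLISHED_HOSTS = {"newserver": "203.0.113.50"}

A_RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)\s*$", re.MULTILINE)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True for addresses that are only meaningful inside the LAN/VPN."""
    return any(ip in net for net in RFC1918)


def parse_a_records(zone_text):
    """Return {host: ip_address} for the A records in a zone fragment."""
    return {name: ipaddress.ip_address(addr) for name, addr in A_RECORD.findall(zone_text)}


def check_split_dns(internal_zone, external_zone, published_hosts):
    """Return a list of findings; an empty list means the two views are consistent."""
    internal, external = parse_a_records(internal_zone), parse_a_records(external_zone)
    findings = []
    for name, ip in external.items():
        if is_rfc1918(ip):
            findings.append(f"external zone leaks private address {ip} for {name}")
        if name not in published_hosts:
            findings.append(f"external zone exposes internal-only host {name}")
    for name, nat_ip in published_hosts.items():
        if name not in internal:
            findings.append(f"internal zone has no A record for {name}")
        elif not is_rfc1918(internal[name]):
            findings.append(f"internal clients would reach {name} via the public address")
        if external.get(name) != ipaddress.ip_address(nat_ip):
            findings.append(f"external zone does not map {name} to NAT address {nat_ip}")
    return findings
```

Running `check_split_dns(INTERNAL_ZONE, EXTERNAL_ZONE, PUBLISHED_HOSTS)` on the sample data reports the stray dc1 record in the public zone twice (private address leaked, internal-only host exposed) and nothing for newserver.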
dee30 (Author) commented:
BILJAX,

How do I confirm that is set up correctly in AD? That would be my first basic question. Are there some easy steps? I'll be taking my AD book home for review. Too bad they don't make Cliff's Notes for that.

Note, right now all machines are set to belong (added) to only ourinternaldomain.com. This would be the same domain I have added the new server to and need to be able to resolve the FQN for, e.g. newserver.ourinternaldomain.com. Security-wise, is this a good plan? I know how to set it up in our DMZ off the optional, but at this point am not sure that is what we'll be doing, b/c the new server will have financial info.

Thanks.

BILJAX commented:
Here's a small walkthrough.

http://www.comptechdoc.org/os/windows/win2k/win2kadinstall.html

If they made Cliff's Notes for AD, that thing would still be 200 pages long.


AC