I'm trying to get some opinions and directions on a network infrastructure question?
We're planning on implementing a new contact management type product across our WAN. We have two locs with hardware VPN setup (watchguard) and managing our tunnel between our two LANs. Loc1 192.168.12.x and Loc2 192.168.13.x Active Directory at the main loc1 replicating with an AD server in our second loc.
Our internal domain name is not a truly registered domain name, so doesn’t resolve over the Internet or anything. E.g. EnternalDomain.com All users and machines log into this domain. Well the new contact software server is a 2003 server joined to our 2000 AD, so its FQN is newsoftwareserver.enternaldomain.com. That product requires that the FQN is resolved over the Internet, so users can use the Apps client interface and of course it will need a public address. I am not sure what the ramifications/advantages are of making our enternaldomain.com name a truly registered domain and the effects it will have on our security. This is where my Active Directory knowledge gets limited!!!???? I am thinking giving the new contact server a public address and setting up a 1-1 NAT in the firewall to get it accessible, but a key factor is, although the product is technically a webserver, we're not to put it out in our existing DMZ b/c it has critical company data on it. Go figure!!??? I'm know some manual DNS entries so the internal/external users can resolve the new server by it's FQN, but I'm not sure for what situations I'll have to do that yet!!!???
We also have a hosted domain name that I may possibly want to consider using if at all possible, but I'm thinking configuring that to work with DNS, internal on our AD server, and external DNS servers, maybe more complicated?
Basically, I'm looking for some insight on the best approach to this implementation. Some suggested routes. Sorry if this isn't clear.