I'm building a Windows Server 2003 network and would like some input in the form of comments and suggestions as to best practices and layouts to achieve the desired result with the hardware we have. For the purposes of this discussion, let's keep the "backup" talk to a minimum, as we are pretty well equipped with automated backup processes. I'm more interested in security and preservation of settings; I want to keep the primary domain controller clean.
We have 2 servers: one brand-new (what I've been calling the Primary Server) and one slightly older and less powerful (of course I've been calling this the Secondary Server).
We have a Netgear hardware firewall/VPN but I think we'll want to use the internal software VPN in WS2003. There is also a small LAN with a couple of XP systems hooked up to it.
We will be using Terminal Services and Active Directory to set up remote (and local) users with virtual desktops on the server. Some internet and email applications will be accessed from these accounts. Primary usage will be intensive data analysis using Office applications (Access).
As for network architecture, this is what I'm thinking:
_ LAN _
S1 S2 -- firewall -- internet -- vpn tunnel
Do I want to isolate the user accounts to the secondary server, and put the data and applications on the primary (faster) server? I suppose, though, that the user desktops should be on the machine housing the applications, and that the data, for speed, should be on the same machine within the network?
What should be the distribution of roles between the two servers? Should they both be domain controllers?
How would you set up a two-server small network with VPN and terminal services, where the primary objective is speed with relation to data access?