

windows 2003 forest design

We are redesigning Windows infrastructure. Our new design will include a single 2003 forest with 25 child domains. FROM 25 forests to one forest and 25 child domains. The problem I have is our network infrastructure, which currently has a firewall on every VLAN, which they say is best practice? The designs from MS and talking to MS directly say NO firewall between domains in a single forest and NO NAT'ed addresses. WELL, the network group says MS is crazy. The security group doesn't want IPsec because they can't sniff it. AND the NETWORK group doesn't want to open all the ports necessary across the firewall "which are all internal by the way, we are not asking them to open across firewalls outside the company."

AND NOW FOR THE QUESTION: Does anyone have a single forest multiple child domain design, that I can talk to and see how you handled the network? THIS leads into another project which is single sign-on for the company.
Asked by: jwhitlock31
 
Jay_Jay70 Commented:
Hi jwhitlock31,

I work in a single forest multiple domain environment of 8 domains at the moment - here comes the fun, in the process of upgrading to over 500 domains in a single forest. One firewall at the root currently and not looking at changing that.

What exactly do you need to know?

Cheers!
 
jwhitlock31 Author Commented:
I guess my question is what did your network group say about the design? OURS believe that everything needs to go through a firewall... and having all those firewalls between the DCs has been a real pain... AND the network group says they are doing best practice. BUT it is completely against the single forest design... and really hard to implement. I guess I would like to know that other companies design their forest without firewalls internally between their child domains and root domains?

 
Jay_Jay70 Commented:
We have all our domains inside a private IP network which provides us with an extra bit of security, but we still have one giant NOKIA firewall running at a central location.

Having a firewall at each site is going to be secure but it is also going to require a whole load of configuration. I think it is important however to have some form of security, especially if you are not sitting within a private network originally. Configuring a firewall at each site probably isn't a bad idea, and MS best practices aren't always the most logical practices. There are often scenarios that don't get taken into consideration by MS.

I'm very keen to see what other experts have to say on this topic also.

 
jwhitlock31 Author Commented:
ALL the DCs are at the same site, inside the forest....
 
Jay_Jay70 Commented:
All the DCs are at the same site??!!!???

You are going to have 25 domains authenticating over a WAN link to your DCs?? What happens if a WAN link goes down.......

Good rule of thumb:

Minimum of 1 DC per site
Minimum of 1 GC per site and max of 2
Minimum of 1 DNS server per site, max of 2

 
jwhitlock31 Author Commented:
Not over a WAN, over a LAN link ... that is why I think that all the firewalls are unnecessary...
 
jwhitlock31 Author Commented:
We have 4 DCs per domain all running DNS, and two GCs.

 
Jay_Jay70 Commented:
Wow, all that over a LAN link, then no, I don't see the necessity of a firewall per domain.

What kind of structure do you have that you are going to have so many domains on a LAN? What kind of business?? Just out of curiosity.